Topics - Ehtyar

Living Room / The unspoken truth about managing geeks
« on: September 11, 2009, 02:12 AM »
It gets a bit much toward the end (ask IT to sit in on new hire interviews?..please), but the earlier parts ring very true IMHO. A good read.


Ehtyar.

Living Room / Tech News Weekly: Edition 36-09
« on: September 07, 2009, 07:24 AM »
The Weekly Tech News
Hi all.
Sorry for the lateness, was on a snow trip with work. Also, tech news has sucked pretty hard lately...sorry about that, I hope it picks up soon :(
As usual, you can find last week's news here.


1. Firefox to Warn Users of Insecure Adobe Flash
http://www.theregister.co.uk/2009/09/04/firefox_adobe_security_warning/
Starting with the next Firefox update, the browser will warn users when they're using an outdated version of Adobe Flash, since apparently Adobe can't manage that...

Upcoming versions of Mozilla's Firefox browser will automatically warn users running versions of Adobe's Flash Media Player that contain known security bugs, according to a published report.

The check will be invoked each time the popular open-source browser is updated, according to the report which was published Thursday by The H. Users who have out-of-date versions of the Adobe application will be notified in the "What's New" browser page that automatically opens each time an update is installed.


2. Microsoft Overturns Word Sale Ban
http://news.bbc.co.uk/2/hi/technology/8237497.stm
As anyone may have guessed, Microsoft have managed to keep MS Word on the shelves after a court ruled last week that Microsoft must stop selling copies of the program in Texas.

The block was imposed by a Texan court following a ruling that its use of formatting language XML in Word 2003 and 2005 infringed patents.

Under the ruling Microsoft was ordered to pay Canadian patent owner i4i $290m (£177m) damages and also told to stop sales of the relevant versions of Word.

The ban on sales was due to come into force in mid-October.


3. $32M Louis Vuitton Judgment Shows Limits of ISP Safe Harbors
http://arstechnica.com/tech-policy/news/2009/09/32m-louis-vuitton-judgment-shows-limits-of-isp-safe-harbors.ars
A US ISP has copped a $32 million damages bill from Louis Vuitton for knowingly hosting a site peddling fake Vuitton merchandise.

The best feature of the much-maligned Digital Millennium Copyright Act (DMCA) is its "safe harbor" for Internet service providers, who can't be held liable for what customers do using their networks. Mostly. There are limits, and Louis Vuitton found them this week in a federal court. The luxury goods maker won $32 million from two ISPs and the man who ran them after proving to a jury that the ISPs had full knowledge that they hosted mainly websites for counterfeit goods—and refused to take action.

The two ISPs are Akanoc and Managed Solutions Group, both run out of Fremont, California by one Steven Chen. According to Louis Vuitton's July 2008 complaint, Chen's companies "were formed for and exist primarily to facilitate the promotion and advertisement of offers for counterfeit and infringing merchandise." The ISPs hosted a huge array of sites offering fake Vuitton purses, wallets, and bags—sites like Luxury2us.com, Louis-vuitton-bags.org and HandBagSell.com.


4. Diebold Impeaches E-voting Unit, Sells It Off for $5 Million
http://arstechnica.com/tech-policy/news/2009/09/diebold-elects-to-get-out-of-the-voting-machine-business.ars
Diebold, makers of the infamous e-voting machines found across the United States, have sold their entire voting machine division to Election Systems & Software.

Diebold announced on Thursday that it has sold its voting machine division to Election Systems & Software (ES&S), a former competitor. Diebold's unceremonious departure from the electronic voting machine business will be welcomed by critics of the company's controversial direct-recording electronic voting products.

Diebold, which is primarily an ATM maker, decided to unload its voting machine subsidiary—Premier Election Solutions—for roughly $5 million and change. As a consequence of the deal, the company expects to report a loss of over $45 million. According to a statement issued by Diebold, the company has been looking for a way out of the voting machine racket ("pursuing strategic alternatives to ownership") since 2006 when it realized that the whole endeavor was intractably dysfunctional ("identified its US elections systems business as non-core to its operations").


5. New IIS Attacks (greatly) Expand Number of Vulnerable Servers
http://www.theregister.co.uk/2009/09/04/microsoft_iis_attacks_go_wild/
Microsoft IIS installations have come under attack this week after a new vulnerability was revealed which could allow an attacker with write privileges to an FTP server to execute code on the remote server, and can crash servers that don't permit write operations.

Attackers have begun actively targeting an unpatched hole in Microsoft's Internet Information Services webserver using new exploit code that greatly expands the number of systems that are vulnerable to the bug.

In an updated advisory published Friday, Microsoft researchers said they are seeing "limited attacks" exploiting the vulnerability, which resides in a file transfer protocol component of IIS. Exploit code publicly released in the past 24 hours is now able to cause vulnerable servers to crash even when users don't have the ability to create their own directories.


6. Month of Facebook Flaws Gets Underway
http://www.theregister.co.uk/2009/09/04/month_facebook_flaws/
STOP USING FACEBOOK APPS!! *ahem* Due to the high level of insecurity in many Facebook apps, 'theharmonyguy' will be revealing one new Facebook app vulnerability each day this month in order to generate awareness.

A security researcher has vowed to reveal technical details of a series of cross-site scripting vulnerabilities involving Facebook applications during September.

theharmonyguy plans to give developers 24 hours' advance notice about flaws involving their web applications before exposing them publicly. The project takes its cue from July's Month of Twitter Bug project, during which security researcher Aviv Raff applied a similar idea to the disclosure of security flaws involving Twitter and associated services.


7. Wiretapping Skype Calls: Virus Eavesdrops On VoIP (Thanks 40hz)
http://www.modbee.com/business/story/839467.html
I find this less than impressive, but it has generated a lot of press this past week. Apparently, Skype users were laboring under the delusion that Skype's heavy use of encryption made it impervious to bugging. They all got a rude wakeup call when Ruben Unteregger, a Swiss programmer, released the source code for a "virus" which bypasses Skype's encryption by hooking the Windows audio subsystem and directly recording the audio stream to MP3.

Some computer viruses have a crude but scary ability to spy on people by logging every keystroke they type. Now hackers and potentially law enforcement have another weapon: a virus that can eavesdrop on voice conversations that go over computers instead of a regular phone line.

The capability has been shown in a new "Trojan horse" virus that records Voice over Internet Protocol (VoIP) calls through the popular Skype service. Skype calls are free or low cost and can work between two computers or between one computer and a phone.


8. Big Fish, Little Fish, Cardboard Box
http://www.youtube.com/watch?v=Zdasg6oQV0g
And just to make sure this week's news *really* sucks, here's Bob the Builder teaching us how to dance!!




Ehtyar.

Living Room / Tech News Weekly: Edition 35-09
« on: August 30, 2009, 05:30 AM »
The Weekly Tech News
Hi all.
Not a ton of good news this week (a lot of torrent-related news in the TPB article though).
As usual, you can find last week's news here.


1. Trojan Zaps Banking Credentials Via IM
http://www.theregister.co.uk/2009/08/27/zeus_adopts_instant_messaging/
In an attempt to beat out the ever-increasing vigilance of the credit card companies, bot harvesters have taken their business to IM to ensure near-instantaneous receipt of sensitive info sent from their bots.

No longer the province of teens and chat-obsessed netizens, instant messaging is being adopted by a growing number of banking malware applications, which zap pilfered credentials to thieves in real time.

The latest entrant is Zeus, a trojan that monitors an infected PC for passwords entered into banking websites and other financial services. Over the past three months, investigators from RSA FraudAction Research Lab have observed the program, which also goes by the name Torpig and Mebroot, using the Jabber IM protocol to make sure the most valuable credentials don't get lost in the shuffle.


2. WPA Keys Gone in 60 Seconds (Thanks Gothi[c])
http://www.theregister.co.uk/2009/08/28/wpa_60sec/
http://arstechnica.com/tech-policy/news/2009/08/one-minute-wifi-crack-puts-further-pressure-on-wpa.ars
Japanese researchers have improved upon an existing attack against WPA, breaking the encryption in under a minute.

Networking nerds claim to have devised a way of breaking Wi-Fi Protected Access (WPA) encryption within 60 seconds.

The technique, developed by Toshihiro Ohigashi of Hiroshima University and Masakatu Morii of Kobe University, is based on the established Becks-Tews method, which involves making minor changes to packets encrypted with TKIP - Temporal Key Integrity Protocol, a WPA security mechanism - and then sending those packets back to the access point.


3. Mobile Snooping for Everyone in Weeks
http://www.theregister.co.uk/2009/08/25/gsm_cracked/
Privacy on our mobile phones is something many of us take for granted (unless of course your provider is aiding the snooper). Apparently, that sense of privacy is about to become a falsehood, as German researchers will be making a kit available that will allow anyone with a laptop and a special type of antenna to listen in on your calls.

The Chaos Computer Club has told the FT that in the next couple of months it will be releasing code capable of cracking GSM with just a laptop and an antenna.

In comments made to the German edition of the Financial Times, the hacking group claims that governments, and criminals, are already using the technique which can break the encryption used to protect 2G GSM calls in near-real time using existing systems. The group says a public exposure of the technique will take place in the next month or two and allow anyone equipped with a laptop and an antenna to listen in to GSM phone calls.


4. Pirate Bay Website Back Online
http://news.bbc.co.uk/2/hi/technology/8217800.stm
In yet another humorous display in the ongoing action against The Pirate Bay, Black Internet (one of TPB's ISPs) was ordered to stop supplying bandwidth to the site or face a ~$70,000 fine. A few hours later, TPB was back online.
In related news, a court has ruled that TPB admins are not able to pay their fines, despite approval of the sale of TPB.

Stockholm district court made the order on 21 August, saying ISP Black Internet would be fined 500,000 kronor (£43,000) if it did not comply.

The court order was the result of legal action brought against The Pirate Bay by the music and film industry.

However, TPB was back online within a few hours with a new carrier.

In a press release, parodying Winston Churchill's famous speech of 1940, the Pirate Bay team said they would keep the site running "for years if necessary".


5. Mininova Ordered to Purge All Links to Copyrighted Files
http://arstechnica.com/tech-policy/news/2009/08/mininova-ordered-to-purge-all-links-to-copyrighted-files.ars
And another one bites the dust...

Fresh off a set of legal wins against The Pirate Bay, the music and movie industries have just scored another court victory against the massive BitTorrent search engine Mininova. A Dutch judge in Utrecht has given Mininova three months to purge all links to copyrighted content from its site—or pay up to €5 million in penalties.

As with The Pirate Bay, Mininova's operators weren't accused of copyright infringement. In a peer-to-peer system, the actual files being transferred reside on millions of computers around the globe, and thus any direct infringement would be the responsibility of those users. But, like most countries, the Netherlands recognizes "contributory copyright infringement," which was the charge in this case.


6. China Unicom Officially Says "Ni Hao" to IPhone 3GS
http://arstechnica.com/apple/news/2009/08/china-unicom-officially-says-ni-hao-to-iphone-3gs.ars
Apple have finally managed to (officially) get the iPhone into the hands of Chinese mobile phone users.

Apple and China Unicom have finally succeeded in reaching an agreement to bring the iPhone to China. Details are scarce at this point, but China Unicom officials revealed during a press conference on its recent financial results that it has made a three-year deal to sell the iPhone, and it should go on sale later this year. "This will provide users with brand new communication and information experience," according to a statement released by China Unicom.

The deal is the result of a long and winding process. Apple originally hoped to work out a deal with China Mobile, the country's largest carrier. However, China Mobile balked at Apple's original revenue sharing model. When Apple launched the iPhone 3G and moved to a more common subsidized model, negotiations began again with China Mobile, but supposedly broke down over operation and control of the App Store.


7. Hackers Scalp Apache
http://www.theregister.co.uk/2009/08/28/apache_hack/
httpd.apache.org was compromised earlier this week via SSH, and defaced by unknown attackers.

The website of Apache was taken offline for several hours on Friday after the SSH remote administration key on one of its servers was compromised.

SSH is a widely used technology for remote administration, so in the worst scenario the compromise created a means for hackers to upload Trojanised code onto the download section of Apache's website. Around 50 per cent of webservers run Apache, according to the latest stats from Netcraft, so any problem would be extremely widely felt.

It's unclear at present whether any code on the Apache website was actually modified. Nor do we know how the attack was carried out or who was behind it.



8. Swiss Privacy Commissioner Says "nein" to Google Street View
http://arstechnica.com/tech-policy/news/2009/08/swiss-privacy-commissioner-says-nein-to-google-street-view-swiss-privacy-commissioner-says-nein-to-google-street-view.ars
Yet another down vote for Google's StreetView. Makes one wonder what these countries see that the rest of us don't.

Whether you're searching for a storefront in a strange neighborhood or drunks passed out on the curb, Google Street View can be an extremely helpful tool. Street View has drawn its share of critics, however, and we can now add the government of Switzerland to that list. Just days after launching Street View in Portugal, Switzerland, and Taiwan, the search giant has been told by the Swiss Government that it needs to yank the Street View from its Swiss maps, a development that has left the search giant "surprised."

Hanspeter Thür, the Swiss Federal Data Protection and Information Commissioner (FDPIC), has accused Google of not having taken the necessary steps to safeguard the privacy of Swiss citizens. Thür has demanded that "Google Inc. immediately withdraw its online service Google Street View concerning Switzerland," according to a statement.


9. N00b Boyfriend
http://www.collegehumor.com/video:1917993
I know I posted this in the funny videos thread earlier, but this is a must-see for everyone.




Ehtyar.

Living Room / Tech News Weekly: Edition 34-09
« on: August 23, 2009, 04:58 AM »
The Weekly Tech News
Hi all.
Enjoy :)
As usual, you can find last week's news here.


1. Tech Giants Unite Against Google
http://news.bbc.co.uk/2/hi/technology/8200624.stm
Yet another sensationalist headline, though it is an interesting story. Microsoft, Amazon and Yahoo have joined the Open Book Alliance in opposition to a deal made by Google that could see it monopolize book access online.

Amazon, Microsoft and Yahoo will sign up to the Open Book Alliance being spearheaded by the Internet Archive.

They oppose a legal settlement that could make Google the main source for many online works.

"Google is trying to monopolise the library system," the Internet Archive's founder Brewster Kahle told BBC News.

"If this deal goes ahead, they're making a real shot at being 'the' library and the only library."


2. Finn Fined Just €3,000 for Sharing 768MB of Music
http://arstechnica.com/tech-policy/news/2009/08/getting-busted-for-p2p-in-finland-far-less-costly-than-in-us.ars
Gee, I wonder which country is home to the big content creators...

Getting caught file sharing in Finland apparently carries far fewer financial repercussions than in the US. A man who was found sharing 164 albums' worth of music (768MB) and had illegally downloaded 1,850 tracks will be forced to pay fines of €3,000, or about US$4,230. Needless to say, that's a far cry from the penalties handed to American file sharers as of late.

A district court had ruled in February of 2008 that the unnamed man was guilty of various copyright violations and would have to fork over the cash for damages. During his appeal, the man argued that while he was aware the file sharing took place on his machine, it wasn't him who did it (was it the cat?). The appeals court in Helsinki, however, didn't buy this excuse and upheld the lower court's ruling.


3. Scientists Make Bendable, Transparent LEDs - Without Organics
http://arstechnica.com/science/news/2009/08/researchers-build-bendy-displays-with-inorganic-leds.ars
Researchers have developed a technique to create flexible screens using artificially manufactured LEDs, where once only OLEDs could be used.

Organic light emitting diodes, or OLEDs, promise to bring a great deal of flexibility to where we can put a display—literally. Because of their organic components, it should be possible to create flexible and transparent displays, opening up a large number of potential uses. But now, just as OLEDs may finally be ready for the consumer market, some engineers have figured out a way to get many of the same properties using inorganic LEDs (ILEDs), using a method that's so simple, even a biologist could understand it. It's a few years away—at least—from commercialization, but it's a significant advance.

The paper that describes the process will be published today in Science. The basic idea is that, since LEDs are so efficient at converting electrical charges to light, the human eye can detect the light of very small LEDs. As a result, it's possible to make a display out of a surface where only a small fraction is occupied by the actual LEDs, which can be small enough to be invisible to the naked eye. Under these conditions, the display will take on the properties of whatever material the LEDs are embedded in: bendable, transparent, etc.


4. Symantec Identifies 'Dirtiest Web Sites of Summer'
http://news.cnet.com/8301-19518_3-10313771-238.html
Funny the kinds of sites that dominate the list...are you reading Joshua?

Symantec is out with its "Dirtiest Web Sites of Summer 2009," which it's calling "the worst of the worst" when it comes to malware threats.

The security vendor says that "48 percent of the Dirtiest Web Sites are, well, dirty--sites that feature adult content." That means that more than half the sites cover a wide range of other categories including legal services, catering, figure skating, and electronics shopping, according to the report.

On average, sites on the dirtiest list have 18,000 threats per site, but 40 of the sites have in excess of 20,000 threats. One site that appears to offer restaurant catering services has 23,414 computer threats.


5. Bungling Cybercops' R00t-y0u.org Sting Backfires
http://www.theregister.co.uk/2009/08/18/r00t_y0u_sting_backfires/
Good to know the Australian Federal Police are at least as competent as the Australian Government... How about setting up a honeypot for internet malcontents, and leaving your backend unprotected?

Australian Federal police have been humbled after boasting of taking over an underground cybercrime forum - only for hackers to break into a federal police computer system, the Sydney Morning Herald reports.

Police computer security experts claimed responsibility for taking over the r00t-you.org cybercrime forum as part of a sting operation on ABC's Four Corners TV programme on Monday night entitled Fear in the Fast Lane. The Feds had reportedly configured their own systems as a honeypot designed to track and trace denizens logging into the forum. Police gained access to the forum not through infiltration but after raiding the Melbourne home of the forum's alleged administrator last Wednesday.


6. Besieged by Attacks, AT&T Dumps Celebrity Hacker
http://www.theregister.co.uk/2009/08/19/att_dumps_kevin_mitnick/
It seems that celebrity status for a hacker is not quite the dream some might envision. Hacker, turned white-hat, Kevin Mitnick is being driven out of yet another service with an online presence after AT&T decided it was better off dropping his account as opposed to securing its online access portal. Hackers targeting Mitnick had breached his account several times, stealing personal data, at which point AT&T decided to close his account.

Over the years, Kevin Mitnick has gotten used to the attacks on his website and cell phone account that routinely result from being a convicted hacker turned security expert. What he finds much harder to stomach is the treatment he's getting from his providers.

Over the past month, both HostedHere.net, his longtime webhost, and AT&T, his cellular provider since he was released from prison more than nine years ago, have told him they no longer want him as a customer. The reason: his status as a celebrity hacker makes his accounts too hard to defend against the legions of script kiddies who regularly attack them.


7. Oracle Gets Go-ahead to Buy Sun
http://news.bbc.co.uk/2/hi/business/8213425.stm
The DoJ has cleared Oracle's proposed purchase of Sun.

The $7.4bn (£4.5bn) deal was agreed by the two in April this year, but still needs approval from the European Commission before it can be concluded.

The acquisition gives Oracle control over Java, a key programming language used in its products.

The takeover had been held up over questions about licensing Java.


8. Internet Slowly Wakes Up to PayPal's Quiet Fee Hike
http://arstechnica.com/web/news/2009/08/internet-waking-up-to-paypals-quiet-massive-fee-hike.ars
Seems eBay doesn't like to advertise increases in fees, having recently gone to great lengths to hide a recent fee hike at PayPal.

PayPal has generated its fair share of controversies over the years, but it has begun to stir up another one by adding new transaction fees that affect all customers—without telling anyone about them. The company slipped the fees in with a more general update to its "send money" service in June, but because the changes were so well hidden, the Internet has been slow to wake up to what amounts to a good increase in PayPal's income.

Under the previous system, fees were charged based on the type of account the receiver was using as well as where the money was coming from. If the receiver was a premium or business account owner, he or she was charged 30¢ plus 2.9 percent of the transaction—the same applied to all accounts if the money was coming from a credit or debit card instead of a PayPal balance or directly from a bank account. People using personal accounts could make all these payments to anyone else for free.


9. Theft of 130 Million Credit Cards Tied to Miami Man
http://www.bloomberg.com/apps/news?pid=20601086&sid=aat5ZupUBNn4
Three individuals, including a man from Miami, have been charged with the largest credit card theft in US history.

A Miami man and two unidentified computer hackers were charged with stealing 130 million credit and debit card numbers in what the Justice Department said was the largest such prosecution in U.S. history.

Albert Gonzalez, a 28-year-old Miami resident, and two hackers living “in or near Russia” were indicted yesterday by a federal grand jury in Newark, New Jersey, for stealing data from Heartland Payment Systems Inc., 7-Eleven Inc., Delhaize Group’s Hannaford Brothers Co. and two unidentified national retailers.


10. Roommates (Thanks April)



Ehtyar.

Living Room / Tech News Weekly: Edition 33-09
« on: August 16, 2009, 06:24 AM »
The Weekly Tech News
Hi all.
Enjoy :)
As usual, you can find last week's news here.


1. Combining Onion Juice and Bacteria to Produce Power
http://arstechnica.com/science/news/2009/08/onion-power-food-waste-plus-bacteria-powers-fuel-cells.ars
This is one of those not-quite-tech stories that I just had to include 'coz the coolness factor was off the chart. America's largest onion producer is using its waste onion clippings to generate power, saving money off of what used to be a $400k/year expense. Too cool.

Gills Onions, which both grows the eponymous crop and claims to operate the largest onion processing facility in the US, doesn't do things on a small scale. The cost of removing the onion waste left over after packaging was costing it over $400,000 a year, so the company looked for a way to reduce or eliminate that waste. Through a partnership with the Southern California Gas Company, Gills eventually found a way to turn this waste stream into 600kw of electricity. We talked with Hal Snyder, the VP of Customer Solutions for SoCalGas, to get the details on this project.

Snyder said that Gills had a history of working with SoCalGas on energy efficiency work, and the collaboration on this project was an extension of that relationship. The onion waste—the tops, bottoms, and skins left over after an onion is cut for packaging—provided a tempting target. "Any organic material has the potential for creating energy," as Snyder put it. The initial thought was that all of the onion could be processed for fuel, but cellulose bioreactors are still very much at the developmental stage.


2. 1 Machine, 4 Weeks Now Enough to Sequence Human Genome
http://arstechnica.com/science/news/2009/08/human-genome-completed-using-one-machine-for-four-weeks.ars
The headline's not entirely true, but apparently it's now possible to map 90% of an individual's DNA sequence in 4 weeks using a single, specially designed, machine. ScaaaREH.

When planning first started for the completion of the human genome, some argued that we would need an entirely new approach to DNA sequencing in order to get things done within a reasonable time span. Instead, success came via a brute force approach: robots prepared DNA samples 24 hours a day and fed the results to machines that could perform a hundred traditional sequencing reactions in parallel.

Now, one machine can do the job in a single month.


3. RealNetworks Court Loss a Reminder About Limits of "fair Use"
http://arstechnica.com/tech-policy/news/2009/08/realdvd-barred-from-market-while-judge-opines-about-fair-use.ars
Sales of RealNetworks' RealDVD DVD ripping software have, after almost a year on the market, been halted by a court order after a judge found that the software was indeed in breach of a contract signed by RealNetworks with the DVD Copy Control Association.

RealNetworks suffered a serious blow late Tuesday night in its ongoing DMCA drama with the movie studios. Judge Marilyn Patel granted a temporary injunction against the company, barring it from selling its RealDVD copying software thanks to language in Real's license with the DVD Copy Control Association (DVD CCA). Patel did not directly include the issue of fair use as part of her ruling, though she did make an observation about its relevance to the DMCA, asserting that it can't be used as a defense against DMCA circumvention violations.

This case addresses both RealDVD (a software package) and, to a lesser extent, a prototype hardware product that would have ripped DVDs directly to a hard drive and hosted the files as a media server. Real originally tried to launch RealDVD in September of 2008 as a product which could rip DVDs to a user's hard drive and play them back, while leaving CSS encryption intact. The software did not modify or change the files, and—unlike similar software packages—Real had even obtained an official license from the DVD CCA to do so. Sounds like everything was on track, right? Wrong.


4. Killing the Cash Cow: Microsoft Ordered to Stop Selling Word
http://arstechnica.com/microsoft/news/2009/08/court-gives-microsoft-60-days-to-stop-shipping-word.ars
FOR THE LOVE OF GOD, WHEN WILL IT END!? In yet another example of the utter absurdity that is patent law, Microsoft have been ordered to stop selling copies of Microsoft Word within 60 days due to an (outrageously generic) patent infringed upon by the product.

Yesterday, a judge issued an injunction that, if it remains in force, would compel Microsoft to stop selling recent versions of its phenomenally popular program, Word.

The injunction is the latest round in an intellectual property battle that's been brewing since May, when a jury found Microsoft guilty of infringing a patent held by a Canadian company called i4i. Ironically, the patent in question covers a method of separating formatting information from runs of text when documents are written to files—something Microsoft itself received a patent for just this week. Unfortunately, the folks in Redmond filed theirs six months behind the competition.

The i4i patent in question was filed in June of 1994 (and granted in 1998), whereas Microsoft's dates from December of that year. It describes a general method of handling the formatting information in documents by separating it out from the text that's being formatted. In this sense, it's a superset of Microsoft's new patent, which claims similar capabilities but is exclusively targeted to XML file formats.


5. Man Gets 3 Years in Prison for Stealing IDs Over LimeWire
http://www.theregister.co.uk/2009/08/12/limewire_scammer_sentenced/
A man has been sentenced to 3 years in prison after copping to theft of sensitive personal documents from (let's be blunt, really stupid) people who permitted LimeWire to index their entire hard drives.

A Washington state man who admitted using the LimeWire file-sharing program to steal tax returns and other sensitive documents has been sentenced to more than three years in federal prison.

Frederick Eugene Wood of Seattle was ordered to serve 39 months for a fraud scheme that prosecutors said was a "particularly pernicious and devious one." In it, Wood would search the hard drives of LimeWire users for files that contained words such as "statement," "account" and "tax.pdf." He would then download tax returns, bank statements, and other sensitive documents and use them to forge counterfeit checks and steal the identity of the individuals who filled out the documents.


6. Bug Exposes Eight Years of Linux Kernel
Spoiler
http://www.theregister.co.uk/2009/08/14/critical_linux_bug/
Post on fulldisclosure: http://archives.neohapsis.com/archives/fulldisclosure/2009-08/0174.html
A null-pointer dereference has been discovered in the Linux kernel which, if exploited locally on a machine, could lead to the attacker's code being executed with kernel privileges.

Linux developers have issued a critical update for the open-source OS after researchers uncovered a vulnerability in its kernel that puts most versions built in the past eight years at risk of complete takeover.

The bug involves the way kernel-level routines such as sock_sendpage react when they are left unimplemented. Instead of linking to a corresponding placeholder (for example, sock_no_accept), the function pointer is left uninitialized. Sock_sendpage doesn't always validate the pointer before dereferencing it, leaving the OS open to local privilege escalation that can completely compromise the underlying machine.


7. Facebook in Challenge to Google
Spoiler
http://news.bbc.co.uk/2/hi/technology/8194508.stm
A sensationalist headline, to be sure, but it's an interesting take that many seem to have on Facebook's recent acquisition of the FriendFeed service. Apparently, many see this as a shot at Google... I can't quite see it myself, but it's an interesting theory nonetheless.

Many expected Google or even Twitter to buy the company, which has been praised for its "real-time" search engine.

This type of search is valuable because it lets you know what is happening right now on any given subject.

"Google look out, Facebook knows the real money is in real-time search," said respected blogger Robert Scoble.


8. New Google 'puts Bing in Shade'
Spoiler
http://news.bbc.co.uk/2/hi/technology/8195739.stm
Google will be launching a new engine in the near future, apparently in response to feedback from users of Bing. It will improve search speed, and will introduce real-time searching capabilities to Google's existing platform.

Although still in the testing phase, the firm says it is the "first step in improving the speed, accuracy and comprehensiveness of search results".

The new engine will replace Google's current one after tests are complete.

Martin McNulty of search marketing specialist Trafficbroker said the upgrade threatened to put Microsoft's new engine, Bing, "in the shade".


9. Palm Criticised Over Pre Privacy
Spoiler
http://news.bbc.co.uk/2/hi/technology/8198921.stm
A software developer for the Palm Pre has discovered that the handset sends daily updates to Palm regarding, among other things, the device's location and a list of all 3rd party applications installed on it.

The company issued a statement after one owner discovered his phone was sending data every day back to Palm.

The information included the current location of the phone and how long each application was used for.

In its statement, Palm said it took users' privacy "seriously" and said it gave phone owners ways to turn features on and off.


10. Mac Vs. PC 2.0 (Thanks Joshua)
Spoiler
http://www.youtube.com/watch?v=uLbJ8YPHwXM
The Mac vs. PC ads are starting to get a little old, so here's a new take on the big debate.

onion.jpg



Ehtyar.
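Story 6 above (the sock_sendpage bug) comes down to an operations table with an empty slot. The following is an added example, not code from the page, the article or the Linux kernel: a toy model of that pattern in C, showing a table with an unassigned function pointer beside one that fills every slot with a placeholder stub, plus a dispatcher that refuses to call through NULL. The names toy_proto_ops, toy_no_sendpage, call_sendpage, ops_table_complete and the error values are assumptions made for this illustration, not kernel identifiers.

```c
/*
 * Added example, not code from the page or from the Linux kernel: a toy
 * model of the "operations table" pattern behind the sock_sendpage bug.
 * toy_proto_ops, toy_no_sendpage, call_sendpage and the error values are
 * assumptions made for this illustration, not kernel identifiers.
 */
#include <stdio.h>
#include <stddef.h>

#define TOY_EOPNOTSUPP (-95)  /* constructed: handler is a placeholder stub */
#define TOY_EFAULT     (-14)  /* constructed: dispatcher refused a NULL slot */

/* Cut-down ops table: one function pointer per protocol operation. */
struct toy_proto_ops {
    int (*sendmsg)(const char *buf, size_t len);
    int (*sendpage)(const char *buf, size_t len);
};

/* Placeholder in the spirit of the kernel's sock_no_* stubs: always safe to
 * call, it just reports that the operation is unsupported. */
static int toy_no_sendpage(const char *buf, size_t len)
{
    (void)buf;
    (void)len;
    return TOY_EOPNOTSUPP;
}

/* Real handlers: pretend to queue the bytes and report how many. */
static int toy_sendmsg(const char *buf, size_t len)
{
    (void)buf;
    return (int)len;
}

static int toy_sendpage(const char *buf, size_t len)
{
    (void)buf;
    return (int)len;
}

/* Defect pattern: the sendpage slot is never assigned, so it stays NULL.
 * A caller that dereferences it without checking crashes, and in a kernel
 * that crash happens with kernel privileges. */
static const struct toy_proto_ops broken_ops = {
    .sendmsg = toy_sendmsg,
    /* .sendpage deliberately omitted */
};

/* Fix pattern: every slot holds either an implementation or a stub. */
static const struct toy_proto_ops fixed_ops = {
    .sendmsg  = toy_sendmsg,
    .sendpage = toy_no_sendpage,
};

/* A protocol that really implements both operations. */
static const struct toy_proto_ops full_ops = {
    .sendmsg  = toy_sendmsg,
    .sendpage = toy_sendpage,
};

/* Audit helper: 1 if no slot is NULL, 0 if the table has a hole. This is the
 * check to run over every ops table when it is registered. */
int ops_table_complete(const struct toy_proto_ops *ops)
{
    return ops != NULL && ops->sendmsg != NULL && ops->sendpage != NULL;
}

/* Defensive dispatcher: validate the pointer before the indirect call and
 * return an error instead of dereferencing NULL. */
int call_sendpage(const struct toy_proto_ops *ops, const char *buf, size_t len)
{
    if (ops == NULL || ops->sendpage == NULL)
        return TOY_EFAULT;
    return ops->sendpage(buf, len);
}

int main(void)
{
    const char *page = "constructed payload";   /* constructed sample data, 19 bytes */
    printf("broken table complete? %d\n", ops_table_complete(&broken_ops));
    printf("fixed  table complete? %d\n", ops_table_complete(&fixed_ops));
    printf("sendpage via broken_ops -> %d\n", call_sendpage(&broken_ops, page, 19));
    printf("sendpage via fixed_ops  -> %d\n", call_sendpage(&fixed_ops, page, 19));
    printf("sendpage via full_ops   -> %d\n", call_sendpage(&full_ops, page, 19));
    return 0;
}
```

The two defences are independent: filling every slot with a stub removes the hole at the source, and checking the pointer in the dispatcher catches any table that still slips through. An audit like ops_table_complete run at registration time turns a silent NULL into a loud failure long before anything dereferences it.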

31
Living Room / PLEASE, Host Your Own DNS Server
« on: August 11, 2009, 01:07 AM »
After reading this story last week about Comcast responding to invalid DNS queries with their own little search page, I decided I was pissed off. This deplorable behavior can be found in an increasing number of locations on the web, but is utterly unacceptable to most power users, and is blatant money grabbing otherwise.

The first port of call for users unhappy with their ISP's DNS service is typically "Open"DNS. Unfortunately, they're doing the same thing, and have been doing so with an alarming level of success for quite some time (please, I don't want to hear any of this "it's for security" crap, this is a blatant lie and fundamentally breaks DNS for any non-browser client; they do it to make an easy, fast buck).

You have only two remaining alternatives: use a random public DNS server, or run your own. Selecting a public DNS server can be a perfectly acceptable solution. US ISPs host a set of very stable and high availability DNS servers freely (4.2.2.1-6), but if you're outside of the US, latency will start getting a little ridiculous. Your choices become limited outside of those as you have very little indication of future availability and trustworthiness; indeed there's no assurance that 4.2.2.1-6 will remain online in the future. However, you can find a list of some well-known public DNS servers in this post on DSLReports.

The only remaining option is to host your own server. I strongly advocate this option, as it gives the end user the best possible experience, ensures no interference from external entities trying to make a few illegitimate bucks, and is a largely set-and-forget option.

You can find a tutorial for configuring BIND on Windows here (my choice), and instructions for setting up the TreeWalk DNS server here. Give them a go guys, our ISPs charge us enough without making a quick few dollars off our DNS queries.

Ehtyar.

32
Living Room / Tech News Weekly: Edition 32-09
« on: August 10, 2009, 06:50 AM »
The Weekly Tech News
Hi all.
Sorry for being late again, guys, the weekend ended up a little hectic. Forgive me?
As usual, you can find last week's news here.


1. Hacking, Lock-Picking, Booze and Bacon: DefCon 17 In Review
Spoiler
http://www.wired.com/threatlevel/2009/08/defcon-review/
Right off the tail of last week's BlackHat, this week saw DEFCON 17 in Las Vegas. The good stuff is yet to be published, but you can be sure it will come, and in droves.

Braving triple-digit heat, mean hangovers and an incredibly hostile network, roughly 10,000 hackers, security experts, feds, spies and various other “computer enthusiasts” took over the Riviera last weekend for the world’s largest hacking convention, DefCon.

This year there was no shortage of interesting developments, including a hacked ATM, hacked badges, hacked parking meters, hacked locks, hacked feds, hacked video cameras and more.


2. XML Flaws Threaten 'enormous' Array of Apps
Spoiler
http://www.theregister.co.uk/2009/08/06/xml_flaws/
I dare say most of us knew it, but none of us wished to speak of it. Someone has finally put together a fun collection of all the issues/bugs/vulnerabilities in the various popular XML parsers, noting that those written in C came out the dirtiest (well duh).

Security researchers have uncovered critical flaws in open-source software that implements the Extensible Markup Language in a staggering array of applications used by banks, e-commerce websites, and consumers.

The bugs uncovered by researchers at Finland-based Codenomicon were contained in virtually every open-source XML library available, Ari Takanen, CTO of Finland-based security testing firm Codenomicon, told The Register. Many of them could allow attackers to crash machines running applications that use the libraries or even remotely execute malicious code. The Python and Java programming languages and Apache Xerces are already known to be affected, and Takanen said many more could be as well.


3. Homegrown CBHD Discs Outsell Blu-ray by 3-1 Margin in China
Spoiler
http://arstechnica.com/business/news/2009/08/homegrown-cbhd-discs-outsell-blu-ray-by-3-1-margin-in-china.ars
A new Chinese HD video disk format, built from the ashes of HD-DVD, is outselling Blu-Ray 3 to 1 in China.

A Japanese TV station broke a major piece of news on the progress of China Blue High Definition (a China-grown competitor to Blu-ray) in the China market last week, but the English-language technology press, through a translation mistake, misreported the news. It turns out that CBHD penetration in China appears to have hit a staggering 30 percent, in only a few months on the market.


4. Accused Domain Thief Faces Jail Time for "stealing" P2P.com (Thanks 40hz)
Spoiler
http://arstechnica.com/web/news/2009/08/accused-domain-thief-faces-jail-time-for-stealing-p2pcom.ars
As Hertz Man so succinctly put it: FINALLY!! Finally, a domain thief may actually be brought to justice after being arrested in his home state of New Jersey.

Domain name investing has been around almost as long as domain names were open for purchase by the general public, and the practice has picked up since the mid-90s, as companies stake out their spot on the digital frontier. Domain names can be so valuable, in fact, that people actually steal them to sell to unsuspecting companies or other domain name investors. The legal process to combat a domain name thief is complicated at best, but there is hope, as police have arrested a man accused of stealing the domain P2P.com.

An initial investigation by Florida police, where the victims reside, was dropped for lack of evidence. The rightful owners of P2P.com then filed a civil suit as they believed it was their only recourse. However, Detective Sergeant John Gorman of the New Jersey State Police Cyber-Crimes Unit later reviewed the case, and asked the victims if they wanted to pursue the case in New Jersey, where the alleged thief lived. Based on evidence gathered for the civil suit, the NJ District Attorney approved an indictment. On July 30, Daniel Goncalves, a 25-year-old computer technician for a NJ law firm, was arrested at his home and his computers were seized.


5. Microsoft Confirms Windows 7 E is Dead
Spoiler
http://arstechnica.com/microsoft/news/2009/08/microsoft-confirms-windows-7-e-is-dead.ars
Windows 7 E is no more, and Microsoft awaits the EU's decision on their browser ballot proposal.

Microsoft has confirmed that Windows 7 E, a version that was meant to ship without Internet Explorer 8 installed, would never see the light of day. The announcement comes even though the replacement solution, a browser ballot screen, has not yet been approved by the EU. With talk of this alternative, many were expecting that Windows 7 E was going to be pronounced dead before release, but Redmond has made it official via the Microsoft on the Issues blog.


6. Network Neutrality in Congress, Round 3: Fight!
Spoiler
http://arstechnica.com/tech-policy/news/2009/08/the-war-over-network-neutrality.ars
Legislated 'Net neutrality is again being proposed in congress...for the third time! It's heartening to know the pollies (at least the US ones) aren't giving up as quickly as the people are losing hope.

The war over network neutrality has been fought in the last two Congresses, and last week's introduction of the "Internet Freedom Preservation Act of 2009" (PDF) means that legislators will duke it out a third time. Should the bill pass, Internet service providers will not be able to "block, interfere with, discriminate against, impair, or degrade" access to any lawful content from any lawful application or device.

ISPs would also be forbidden to "impose a charge" on content providers that goes "beyond the end-user charges associated with providing the service to such a provider." In other words, AT&T doesn't have to let Google "use its pipes for free," but it can only collect the money it is owed through customary peering and transit arrangements.


7. The Smoking Gun Exposes PrankNet As Internet Badboys Cower (Thanks again 40hz)
Spoiler
http://arstechnica.com/security/news/2009/08/the-smoking-gun-exposes-pranknet-as-internet-badboys-cower.ars
The full story: http://www.thesmokinggun.com/archive/years/2009/0803091pranknet1.html
Honestly, I hadn't heard of PrankNet until I read this article (I'd heard of the exploits of individual members, but not of the group itself), but after reading it I felt it was well worth posting. This scumbag led an online group dedicated to screwing with people, by using social engineering to put people in incredibly humiliating and costly predicaments, all in the name of "entertainment".

The Smoking Gun this week released the results of its lengthy investigation into PrankNet, an online community specializing in disturbing phone pranks. The operators operated under a veil of anonymity, covering their tracks and using Skype to place non-traceable phone calls. When TSG eventually exposed the ringleader as a young man living in Canada, however, the results were predictably pathetic.


8. Modder Arrest a Reminder That Most Console Hacks Are Illegal
Spoiler
http://arstechnica.com/gaming/news/2009/08/modder-arrest-a-reminder-that-most-console-hacks-are-illegal.ars
Haven't heard of one of these for a while. Watch out guys, modding that console for your friend, for a modest fee, could see you in cuffs...apparently...

For anyone with a little bit of technical know-how, modifying video game systems for various purposes is easy... and can even make you a little bit of money. The problem? Modifying the firmware in video game systems to play pirated games or even your own backups is illegal. Twenty-seven-year-old Matthew Lloyd Crippen learned the hard way that Immigration and Customs Enforcement doesn't have a sense of humor about modding systems for profit: the student was arrested after being indicted on two charges of violating the Digital Millennium Copyright Act for selling modded systems. The question some gamers are now asking themselves: am I breaking the law? The answer is not comforting.

For Crippen, each charge carries a maximum penalty of five years in jail, so there is a possibility that Crippen could be staring down the barrel of ten years imprisonment. Crippen was charging around $30 per job, and the authorities seized around a dozen hacked consoles. "This is for your legally made backups," he claimed when talking to Threat Level. "If you're talking about piracy, I'm not helping you out." The law doesn't agree, especially since he was aware of the ability to play pirated games on his hacked systems, and profited—even in such a limited way—from his work.


9. DDoS Attacks On Twitter, Facebook Result Of Massive Attack On One Person
Spoiler
http://www.darkreading.com/security/client/showArticle.jhtml?articleID=219100459
Normally I wouldn't report this kind of story, but when was the last time you heard of a DoS attack on the likes of Twitter or Facebook in an attempt to harm a single user?

It turns out yesterday's major distributed denial-of-service (DDoS) attacks that shut down Twitter for hours and disrupted Facebook and LiveJournal came out of a targeted attack waged against one individual with accounts on all of the sites.

A pro-Georgian blogger called "Cyxymu" was apparently the intended target of the massive DDoS that knocked down Twitter and caused major slowdowns on Facebook and LiveJournal when a botnet apparently blasted waves of traffic at his accounts on the sites simultaneously in an effort to shut down his communiques.


10. Big Deck
Spoiler
http://www.youtube.com/watch?v=nz82fjXqFQ4
Hey guys, check out my big...deck...

onion.jpg



Ehtyar.

33
Living Room / Tech News Weekly: Edition 31-09
« on: August 02, 2009, 06:01 AM »
The Weekly Tech News
Hi all.
It was Black Hat last week, y'all, so be sure to check out the first story for all the fun stuff :)
As usual, you can find last week's news here.


1. BlackHat USA 09 (Links Inside)
Spoiler
http://news.cnet.com/Black-Hat-supersizes-in-Las-Vegas/2100-7355_3-6199338.html
Blackhat USA is now over. Get the good stuff. Some of the headline stories:
Using software updates to spread malware (Thanks app)
Security elite pwned on Black Hat eve
Wildcard certificate spoofs web authentication
Text Messages can Hijack your iPhone and Windows Phone
Apple fix to iPhone security flaw
New attack resurrects previously patched security bugs
Hackers: We can bypass San Francisco e-parking meters

A larger conference means not one but two keynote addresses. One is from Richard Clarke, President Bush's former special adviser on cyberspace security. Clarke, whose 2002 Black Hat keynote speech stated that software vendors and Internet providers must share the blame for malicious software, is now with Good Harbor Security. This year, he will talk about those "who seek truth through science, even when the powerful try to suppress it." The other keynote speaker will be Tony Sager, vulnerability chief of the National Security Agency, who will talk about creating government security standards while working with commercial vendors.

Unlike last year, when Microsoft hosted an entire series of sessions focusing on the yet-to-be released Windows Vista platform, there will be no similar tracks offered this year. Returning tracks include sessions on voice services security, forensics, hardware, zero-day attacks and zero-day defenses. New tracks include operating system kernels, application security, reverse engineering, fuzzing and the testing of application security.


2. BIND Crash Bug Prompts Urgent Update Call
Spoiler
http://www.theregister.co.uk/2009/07/29/bind_flaw/
Another oops; a remotely exploitable crash bug has been found in the current version of BIND, triggering the typical mass panic and a swift response from the ISC.

A vulnerability in BIND creates a means for miscreants to crash vulnerable Domain Name System servers, posing a threat to overall internet stability as a result.

Exploits targeted at BIND (Berkeley Internet Name Domain Server) version 9 are already in circulation, warns the Internet Software Consortium, the group which develops the software. ISC urges sys admins to upgrade immediately, to defend against the "high risk" bug.

Sys admins are urged to upgrade BIND servers to versions 9.4.3-P3, 9.5.1-P3 or 9.6.1-P1 of the software, which defend against the flaw.



3. Microsoft and Yahoo Seal Web Deal
Spoiler
http://news.bbc.co.uk/2/hi/business/8174763.stm
Microsoft and Yahoo are teaming up to take on Google. As an end user, I'm not sure which is worse, Google or Microsoft + Yahoo...

Microsoft's Bing search engine will power the Yahoo website and Yahoo will in turn become the advertising sales team for Microsoft's online offering.

Yahoo has been struggling to make profits in recent years.


4. UK's National ID Card Unveiled
Spoiler
http://news.bbc.co.uk/2/hi/uk_news/politics/8175139.stm
The designs for the UK's national ID card have been unveiled...hooray for idiot politicians. At least they had the sense to make it voluntary, though how long that will last in the practical world is anyone's guess.

The card will be offered to members of the public in the Greater Manchester area from the end of this year.

Ministers plan to launch the £30 biometric ID card nationwide in 2011 or 2012 - but it will not be compulsory.

Opposition spokesmen said it was a "colossal waste of money" and civil liberty groups said it was "as costly to our pockets as to our privacy".


5. US File-sharer Gets $700,000 Fine
Spoiler
http://news.bbc.co.uk/2/hi/technology/8177285.stm
And another one bites the dust. At $22,500, this one is slightly less ridiculous than the last...perhaps...

The Boston University student, Joel Tenenbaum, had admitted in court that he had downloaded and distributed 30 songs at issue in the case.

It is the second such case to go to trial in the US.

In the first case, a woman in Minneapolis was ordered to pay $1.92m for sharing 24 songs.

On Friday, the jury ordered Mr Tenenbaum to pay $22,500 for each infringement. The maximum that he could have been fined was $4.5m.


6. Aussie 'Net Filtering Trial Deemed a Success Despite Problems
Spoiler
http://arstechnica.com/tech-policy/news/2009/07/aussie-net-filtering-trial-deemed-a-success-despite-problems.ars
And yet again, Australia shows the world the true prevalence of utter stupidity in this country. I feel so patriotic at the moment...really...

Although not without controversy, the initial testing of the Australian government's Internet filtering system has gone off fairly well, according to reports from some of the participating ISPs. Five of the nine ISPs testing the government's filtering system reported few problems during testing, even though only 15 customers participated at one and a couple of customers at another were unable to access a completely legal porn site. The other four ISPs have either yet to comment on the filter's performance or have refused to talk publicly about the results.

Australia's government first announced its intention to add a Great Barrier Reef of sorts around the nation's virtual shores nearly two years ago, in August 2007. Initial testing began in the island state of Tasmania in February 2008, with cost estimates running as high as AUS$189 million (about US$154 million). The filters were originally intended to be on by default, with consumers able to opt out.


7. Microsoft Blacklists Lenovo's Leaked Windows 7 OEM Key
Spoiler
http://arstechnica.com/microsoft/news/2009/07/microsoft-blacklists-lenovos-leaked-windows-7-oem-key.ars
Previous story: http://arstechnica.com/microsoft/news/2009/07/windows-7-ultimate-activation-cracked-with-oem-master-key.ars
Earlier, hackers had found a way to use Lenovo's OEM key to activate pirated copies of Windows 7. Microsoft quickly pulled the thumb out and fixed it.

The score was Pirates 1, Microsoft 0, but Redmond has tied it up. Microsoft has blacklisted the Lenovo OEM master key that leaked earlier this week, explaining that "Windows 7 already includes an improved ability to detect hacks, also known as activation exploits, and alert customers who are using a pirated copy" and that "Windows Activation Technologies included in Windows 7 are designed to handle situations such as this one, and customers using these tools and methods should expect Windows to detect them." Microsoft and Lenovo worked together to solve the issue, according to the Genuine Windows Blog:

    We've worked with that manufacturer so that customers who purchase genuine copies of Windows 7 from this manufacturer will experience no issues validating their copy of Windows 7. At the same time we will seek to alert customers who are using the leaked key that they are running a non-genuine copy of Windows. It's important to note that no PCs will be sold that will use this key.


8. NASA Hacker Loses Bid to Avoid Extradition
Spoiler
http://news.cnet.com/8301-1009_3-10300671-83.html
He still has several avenues of appeal, but Gary McKinnon has lost his fight against extradition in the UK's high court.

Gary McKinnon has lost his high court bid in the U.K. to avoid extradition to the U.S. for hacking into military systems.

McKinnon had tried to argue that former home secretary, Jacqui Smith, was legally wrong to push for the extradition despite his diagnosis of Asperger's syndrome and that the director of public prosecutions was also wrong to opt for extradition despite having sufficient evidence to prosecute McKinnon in the U.K.

However, Lord Justice Stanley Burnton and Justice Alan Wilkie dismissed both claims on Friday. McKinnon now has 28 days to launch an appeal at the Royal Courts of Justice. According to his solicitor, Karen Todner, McKinnon and his legal team will also appeal to the Law Lords, and Todner has made a fresh approach to President Obama


9. Dutch Judge Orders Pirate Bay to Block Netherlands Surfers
Spoiler
http://arstechnica.com/tech-policy/news/2009/07/dutch-judge-orders-pirate-bay-blocked.ars
:o

An Amsterdam court has ordered The Pirate Bay to block all Dutch visitors to its website, threatening the site administrators with daily fines for noncompliance.

Dutch antipiracy group Stichting BREIN, whose website is still down from an extended denial of service attack, filed a suit against the three Pirate Bay administrators who were found guilty earlier this year of aiding copyright infringement in Sweden—despite the fact that the three claim not to own the site. (They say it is owned by a Seychelles company called Reservella.)

None of the men showed up in the Dutch court, claiming they had heard nothing of the lawsuit (BREIN says that it contacted them through mail, e-mail, Twitter, and Facebook). Peter Sunde, The Pirate Bay's most public face, also announced that he was filing a defamation suit (in Sweden) against Tim Kuik, BREIN's chief.


10. AT&T: 4chan Block Due to DDoS Attack Coming from 4chan IPs
Spoiler
http://arstechnica.com/telecom/news/2009/07/att-4chan-block-due-to-ddos-attack-coming-from-4chan-ips.ars
AT&T made the mistake of protecting their users from an alleged DoS attack, and incurred the wrath of 4chan.

This weekend did not go well for AT&T. The broadband provider began blocking access to parts of 4chan on Sunday (img.4chan.org, which of course includes /b/) thanks to what AT&T says was a denial of service attack coming from that domain. AT&T was uncommunicative with customers at the onset of the 4chan blockage, leaving many users questioning whether the telecom was trying to censor 4chan. AT&T's official silence on the matter also led some 4chan denizens to launch attacks against the company.

The block began in the early evening Sunday and went on through the night, with numerous users (including some of our own staff members) confirming that they were unable to access 4chan's image servers. Why? According to an Anonymous posting on 4chan itself, it seems as if there were hundreds of thousands of connections being made from the IP address of the image server (888,979 at the time of that posting, to be exact).


11. Another New AES Attack
Spoiler
http://www.schneier.com/blog/archives/2009/07/another_new_aes.html
This time, it looks as though the implementation with the smallest key length comes out on top, but there's still plenty of time to beef up the algo before things get too scary.

A new and very impressive attack against AES has just been announced.

Over the past couple of months, there have been two (the second blogged about here) new cryptanalysis papers on AES. The attacks presented in the paper are not practical -- they're far too complex, they're related-key attacks, and they're against larger-key versions and not the 128-bit version that most implementations use -- but they are impressive pieces of work all the same.

This new attack, by Alex Biryukov, Orr Dunkelman, Nathan Keller, Dmitry Khovratovich, and Adi Shamir, is much more devastating.


12. Tron Legacy
Spoiler
http://www.youtube.com/watch?v=a1IpPpB3iWI
Made of awesome boys and girls.

onion.jpg



Ehtyar.

34
Living Room / Tech News Weekly: Edition 30-09
« on: July 26, 2009, 05:59 AM »
The Weekly Tech News
Hi all.
Enjoy :)
As usual, you can find last week's news here.


1. Researcher Raids Browser History for Webmail Login Tokens
Spoiler
http://www.theregister.co.uk/2009/07/20/csrf_token_hijacking/
To see it in action: http://securethoughts.com/2009/07/hacking-csrf-tokens-using-css-history-hack/
The scary bit about this one ('coz CSRF is pretty old hat at this stage...) is that they're finding the token, and with just css :S

In a disclosure that has implications for the security of e-commerce and Web 2.0 sites everywhere, a researcher has perfected a technique for stealing unique identifiers used to prevent unauthorized access to email accounts and other private resources.

Websites typically append a random sequence of characters to URLs after a user has entered a correct password. The token is designed to prevent CSRF (cross-site request forgery) attacks, which trick websites into executing unauthorized commands by exploiting the trust they have for a given user's browser. The token is generally unique for each user, preventing an attacker from using CSRF attacks to rifle through a victim's account simply by sending a generic URL to a website.


2. Network Solutions Breach Exposed 500k Card Accounts
Spoiler
http://www.theregister.co.uk/2009/07/25/network_solutions_ecommerce_breach/
I've been trying to avoid posting data breaches, since they're so common nowadays, but this one is particularly large, and probably relevant to a lot of DCers. Basically, Network Solutions' CMS was hacked, and the baddies got all your c4rdz0r.

A breach at Network Solutions has exposed details for more than 500,000 credit and debit cards after hackers penetrated a system it used to deliver e-commerce services and planted software that diverted transactions to a rogue server, the hosting company said late Friday.

The unauthorized software was in place from March 12 to June 8 and affected transactions Network Solutions processed on behalf of 4,343 merchant websites that mostly belonged to small businesses, spokeswoman Susan Wade said. While the company discovered the software in early June, it waited until the close of business Friday to disclose the breach. Wade said it took until July 13 for forensics investigators to crack the code and understand how it worked.


3. Palm Plays Cat-and-mouse With Apple, Reenables ITunes Sync
Spoiler
http://arstechnica.com/gadgets/news/2009/07/palm-plays-cat-and-mouse-with-apple-reenables-itunes-sync.ars
Seems like Palm has decided to start a game of cat and mouse with Apple. They've modified the Pre to again work with iTunes, after Apple locked them out in their last update.

Palm passive-aggressively fired back at Apple in its 1.1.0 update to the Pre's webOS Thursday night. Among the handful of changes that came with the point update, the software restores syncing functionality with iTunes after Apple unceremoniously "fixed" the "problem" last week. The move is the latest in this high-profile cat-and-mouse game between Apple and Palm, and Palm seems to be willing to keep poking the fate bear—but to what end?

webOS 1.1.0 isn't all about iTunes compatibility. Among other things, it contains a number of useful updates to the Pre, including better timezone support in the Clock application, improved syncing with Google when you edit a Google contact, and the addition of emoticons in text, multimedia, and instant messages. The software also gained some enterprise features in the form of Exchange ActiveSync (EAS) support that allows for remote wipe, PIN/passwords, inactivity timeouts, and improved certificate handling.


4. Wireless Power System Shown Off
Spoiler
http://news.bbc.co.uk/2/hi/technology/8165928.stm
A wireless power transfer system has been unveiled at the latest TED conference. It exploits resonant frequency between the charging station and appliance to transfer the power in a substantially more efficient manner.

The technique exploits simple physics and can be used to charge a range of electronic devices over many metres.

Eric Giler, chief executive of US firm Witricity, showed mobile phones and televisions charging wirelessly at the TED Global conference in Oxford.

He said the system could replace the miles of expensive power cables and billions of disposable batteries.

"There is something like 40 billion disposable batteries built every year for power that, generally speaking, is used within a few inches or feet of where there is very inexpensive power," he said.


5. Microsoft Caves to EU Pressure, Will Offer Browser Ballot
Spoiler
http://arstechnica.com/microsoft/news/2009/07/microsoft-caves-to-eu-pressure-will-offer-browser-ballot.ars
Sketchy on the details as of yet, but it looks like MS has finally caved, and will ask the user which browser they'd like to use in Windows 7...in the EU at least.

Although Intel may have been hit with a bigger fine, the multi-year saga of Microsoft's fight with the European Union's Competition Commission may have run up larger legal bills, given its longevity. The most recent point of contention between Redmond and Europe has been the browser; Microsoft bundles its own with its operating systems, but the EU views that as using monopoly power to the detriment of potential competitors.

Earlier this month, word came out that Microsoft was looking to make this matter go away, and it may have succeeded; the European Commission has just announced that Microsoft has agreed to proposed EU remedies and is willing to offer a "browser ballot" to new users.


6. Microsoft Aims at VM Market With Linux Kernel Code Offering
http://arstechnica.com/microsoft/news/2009/07/microsoft-aims-at-vm-market-with-linux-kernel-code-offering.ars
Microsoft looks to be seeking dominance in the virtualization market, after it made code available to the Linux Kernel that would improve its performance on Hyper-V.

Microsoft is contributing approximately 20,000 lines of source code to the Linux kernel with the aim of improving support for running the Linux operating system in virtualized environments on Windows servers. The move is part of a broader trend at Microsoft towards collaboration with the open source software community.

Prominent Linux kernel developer Greg Kroah-Hartman announced the code submission today in a message posted to the Linux kernel mailing list. He says that the new drivers contributed by Microsoft will soon land in the staging tree where they will undergo some refinement before they are merged directly into the mainline kernel. Microsoft is making the code available under the terms of GNU's General Public License (GPL), the open source software license that is used by the Linux kernel.


7. Intel's New 34nm SSDs Cut Prices by 60 Percent, Boost Speed
http://arstechnica.com/hardware/news/2009/07/intels-new-34nm-ssds-cut-prices-by-60-percent-boost-speed.ars
Intel's SSDs are getting cheaper, people; there may yet be hope they'll be affordable before you buy your next machine.

Intel has announced two new solid state disk drives made on its leading-edge 34nm process. The two new SSDs are X25M SATA parts weighing in at 80GB and 160GB, and they're meant to replace Intel's existing X25M drives in those capacities, but at 60 percent less cost and with better performance. The 80GB X25-M is $225 in lots of 1,000 (down from $595), and the 160GB is $440 (from $945). That's some serious discounting, and it may well drive even more SSD uptake in the coming quarters despite the ongoing IT spending crunch.

So what do you get for 60 percent less? In a word, speed. The new drives boast a 25 percent reduction in read latency, which was already about 60x the speed of an average hard disk; write performance has also doubled with this new generation.


8. EFF's New Lawsuit, and How the NSA is Into Social Networking
http://arstechnica.com/tech-policy/news/2009/07/effs-new-lawsuit-and-how-the-nsa-is-into-social-networking.ars
A sensationalist headline, to be sure, but it's good to know the EFF is watching our backs...

The government could be building a giant map of social networks using Facebook and Twitter, scraping MySpace pages, or mining the metadata associated with cellular phone calls in order to look for communication patterns. On the other hand, all of that computer power that the NSA is aggregating at the datacenters that are coming online could just be for the limited purpose of snooping voice calls and e-mail coming into and out of the US, but such narrow use is unlikely.

What the NSA is doing with its massive and growing capabilities is still a secret, but it's probably an extension of DoD efforts at mapping social networks that extend back to the early part of the decade. A new EFF lawsuit filed this week could finally shed at least a little more light on the nature of these classified activities, so that we can know for sure whether some descendent of John Poindexter's Total Information Awareness program lives on at the NSA.


9. Hackers Scoffing at IPhone 3GS' Hardware Encryption
http://www.engadget.com/2009/07/24/hackers-scoffing-at-iphone-3gs-hardware-encryption/
Looks like the encryption offered in the iPhone 3GS isn't really encryption at all.

There were other features taking higher billing in the iPhone 3GS' announcement than its hardware-level encryption -- hell, even the magnetic compass was getting more play -- but it's there, and Apple's actively marketing the bit-scrambling capability to enterprise clients. Problem is, hackers are apparently having a field day with it, rendering it useless in all but name.


10. [NSFW] Saturday Night Live - Cork Soaker
http://www.143pinoy.com/watch/saturday_night_live_cork_soaker
Don't know how many of you will have seen this -- but oh-my-god so funny.




Ehtyar.

35
Developer's Corner / Hidden Features Series
« on: July 22, 2009, 07:42 PM »
A series of threads has been started on StackOverflow that I think every coding nerd/geek at heart would greatly enjoy reading. They're basically just a list of all the unusual and underused features of various languages for people to peruse. They exist for the following languages currently:

A few of my favorites:
C++
C
HTML
JavaScript
Perl
PHP
Warning: As someone who is familiar with almost all of these languages, I will warn you: you can spend a lot of time reading these. Also, keep in mind you have a daily vote limit of 30 :-[

Ehtyar.

36
Living Room / Tech News Weekly: Edition 29-09
« on: July 19, 2009, 04:56 AM »
The Weekly Tech News
Hi all.
Enjoy :)
As usual, you can find last week's news here.


1. Oz Cops Turn to Wardriving to Fight Wi-Fi 'jackers
http://www.reghardware.co.uk/2009/07/17/oz_plod_wardriving/
In an apparent plea for some meaningful work, police officers in the Australian state of Queensland will soon commence searching for unsecured wireless networks in city suburbs, warning residents at risk of attack.

Police in the Australian state of Queensland are to go on the hunt for unsecured wireless networks.

Claiming that "the crooks are out there driving around trying to identify these [open] networks", Queensland Police Detective Superintendent Brian Hay told local site ITnews that the Boys in Blue will now do the same.

Folk found to be in possession of an un-WEPed WLAN will be warned of the dangers they face, as will wireless router owners who enabled security but retained the default password.


2. Clever Attack Exploits Fully-patched Linux Kernel
http://www.theregister.co.uk/2009/07/17/linux_kernel_exploit/
While I find this headline to be outrageously sensationalist, this is an interesting story. Due to the way a certain optimization procedure is performed by gcc, pieces of the Linux Kernel have become vulnerable to null pointer dereference bugs. Devs, remember to check for NULL *before* assignment...who knew?

A recently published attack exploiting newer versions of the Linux kernel is getting plenty of notice because it works even when security enhancements are running and the bug is virtually impossible to detect in source code reviews.

The exploit code was released Friday by Brad Spengler of grsecurity, a developer of applications that enhance the security of the open-source OS. While it targets Linux versions that have yet to be adopted by most vendors, the bug has captured the attention of security researchers, who say it exposes overlooked weaknesses.


3. Facebook 'breaches Canadian law'
http://news.bbc.co.uk/2/hi/americas/8155367.stm
It looks as though someone has finally found the balls to question Facebook on the way it handles user data (read: keeps user data forever).

An investigation by Canada's privacy commission found the US-based website also gave "confusing or incomplete" information to subscribers.

Facebook says it is aiming to safeguard users' privacy without compromising their experience of the site.

More than 200 million people actively use Facebook.

They include about 12 million in Canada, more than one in three of the population.


4. Why Amazon Went Big Brother On Some Kindle E-books
http://arstechnica.com/tech-policy/news/2009/07/amazon-sold-pirated-books-raided-some-kindles.ars
Discussion started by nosh: https://www.donationcoder.com/forum/index.php?topic=19218.0
Kindle users who had purchased copies of George Orwell's 1984 or Animal Farm found via email that their purchases were being refunded, then upon connecting to Amazon with their Kindles, found the books were automatically deleted.

Amazon.com shocked customers yesterday when it reached out to hundreds, if not thousands of Kindles and simply deleted texts that users had not only purchased, but had started to read. A literary coitus interruptus, Amazon spoiled the readers' descent into Orwellian masochism with nary a warning or apology.

Sometime on Thursday, users had an eerie feeling that they were being watched, receiving emails stating that their purchases were being refunded. When they connected to the Kindle's WhisperNet, the purchases in question were automatically deleted. Some could only wonder: how often could this happen? Perhaps the Thought Police Amazon Customer Service team could cut off your books whenever they wanted to.


5. Mozilla Design Challenge Showcases New Browser Tab Concepts
http://arstechnica.com/open-source/news/2009/07/mozilla-design-challenge-showcases-new-browser-tab-concepts.ars
Discussion started by mouser: https://www.donationcoder.com/forum/index.php?topic=18379.0
The winners of Mozilla's tab improvement challenge have been announced.

Earlier this year, Mozilla's design gurus began exploring the possibility of improving on the principle of tabbed browsing. They launched a discussion about various ways to transcend the limitations imposed by the current tab system.

To encourage broader community participation in this discussion, Mozilla Labs launched a competition and called for designers to submit mockups and concept art that depicted new ideas and interfaces for tabbed browsing. The results of the Summer Design Challenge were announced this week and Mozilla has published the best entries.


6. Researchers To Release Tool That Silently Hijacks EV SSL Sessions
http://www.darkreading.com/security/app-security/showArticle.jhtml?articleID=218500176
Apparently, in much the same manner that regular SSL doesn't mean much anymore, EV SSL is pretty useless, as a new MITM attack on EV SSL will be presented at the July BlackHat conference.

If you think you're safe from man-in-the-middle (MITM) attacks as long as you're visiting an Extended Validation SSL (EV SSL) site, then think again: Researchers will release a new tool at Black Hat USA later this month that lets an attacker hack into a user's session on an EV SSL-secured site.

Mike Zusman and Alex Sotirov -- who in March first demonstrated possible MITM attacks on EV SSL at CanSecWest -- will release for the first time their proxy tool at the Las Vegas conference, as well as demonstrate variations on the attacks they have discovered. The Python-based tool can launch an attack even with the secure green badge displaying on the screen: "It doesn't alert the user that anything fishy is going on," says Zusman, principal consultant at Intrepidus.


7. BlackBerry Update Bursting With Spyware
http://www.reghardware.co.uk/2009/07/15/o2_tg01_virus/
BlackBerry users of the Etisalat network in the United Arab Emirates were delivered a software update from their carrier that, when activated, would forward messages to an Etisalat server. It was only noticed thanks to a customer who reverse engineered the update after noticing excessive battery drain due to a glitch.

An update pushed out to BlackBerry users on the Etisalat network in the United Arab Emirates appears to contain remotely-triggered spyware that allows the interception of messages and emails, as well as crippling battery life.

Sent out as a WAP Push message, the update installs a Java file that one curious customer decided to take a closer look at, only to discover an application intended to intercept both email and text messages, sending a copy to an Etisalat server without the user being aware of anything beyond a slightly excessive battery drain.


8. Glitch Hits Visa Users With More Than $23 Quadrillion Charge
http://www.cnn.com/2009/US/07/15/quadrillion.dollar.glitch/index.html
In their haste to create an inflation-proof credit system, Visa apparently forgot to add a sanity check to credit card purchases, charging several customers $23 Quadrillion in a single transaction, on top of which went a $15 overdraft fee.

A technical snafu left some Visa prepaid cardholders stunned and horrified Monday to see a $23,148,855,308,184,500 charge on their statements.
Josh Muszynski noticed the 17-digit charge while making a routine balance inquiry.

That's about 2,007 times the size of the national debt.

Josh Muszynski, 22, of Manchester, New Hampshire, was one Visa customer aghast to find the 17-digit charge on his bill. Adding insult to injury, he had also been hit with a $15 overdraft fee.


9. Twitter's Underwear Exposed After Google Apps Hack
http://www.theregister.co.uk/2009/07/15/twitter_hack_exposes_data/
Twitter has yet again trumpeted its immaturity to the world after documents were obtained from a Google Apps breach that held intimate details of the company's financials.

An unidentified hacker has exposed confidential corporate and personal information belonging to microblogging site Twitter and its employees after breaching electronic accounts belonging to several people close to the company.

The episode is the latest reminder that the convenience of cloud-based services that store spreadsheets and other information online cut both ways. While they make it easy to access personal notes from anywhere in the world, they also open up the information to theft - especially when the owners are highly public individuals who didn't take due care to safeguard the data in the first place.


10. Hand in Liquid Nitrogen
http://www.collegehumor.com/video:1917191
Pretty awesome video explaining how one can put one's hand into a pool of liquid nitrogen and pull it out without causing any harm.




Ehtyar.
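For item 2 in the post above (the gcc optimisation that turns a late NULL check into a kernel null-pointer bug), here is an added C example that is not from the linked article or from this post. It shows the dereference-before-check ordering the item describes beside the corrected check-before-dereference order; the struct and function names are made up for illustration.

```c
/* Added example, not from the original post or article. The names
 * struct sock_ops, sk_poll_late_check and sk_poll_early_check are
 * hypothetical stand-ins for a kernel poll handler and its device. */
#include <stddef.h>
#include <stdio.h>

struct sock_ops {
    int ready;   /* hypothetical field the poll handler reads */
};

/* VULNERABLE ORDER (the 'before' of the fix): the pointer is
 * dereferenced on the first line and only checked afterwards.
 * Dereferencing NULL is undefined behaviour, so the compiler is
 * entitled to assume 'ops' is non-NULL from that point on and to
 * delete the check entirely (gcc's -fdelete-null-pointer-checks).
 * Passing NULL here is therefore undefined; the function exists only
 * to show the ordering mistake. */
int sk_poll_late_check(struct sock_ops *ops)
{
    int ready = ops->ready;      /* dereference happens first */
    if (ops == NULL)             /* this check may be optimised away */
        return -1;
    return ready;
}

/* FIXED ORDER: test the pointer before touching what it points to.
 * No dereference precedes the check, so nothing lets the compiler
 * infer non-NULL, and the check survives optimisation. */
int sk_poll_early_check(const struct sock_ops *ops)
{
    if (ops == NULL)
        return -1;
    return ops->ready;
}

/* Small wrappers so the two behaviours can be exercised by value. */
int probe_valid(int ready_value)
{
    struct sock_ops ops = { ready_value };
    return sk_poll_early_check(&ops);
}

int probe_null(void)
{
    return sk_poll_early_check(NULL);   /* safely returns -1 */
}

int main(void)
{
    printf("valid pointer: %d\n", probe_valid(1));  /* prints 1  */
    printf("NULL pointer:  %d\n", probe_null());    /* prints -1 */
    return 0;
}
```

The defensive lesson is the ordering, not the check itself: a NULL test is only meaningful if no access to the pointer precedes it, because once the compiler sees an unconditional dereference it may legally treat every later NULL test on that pointer as dead code.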

38
Living Room / Tech News Weekly: Edition 28-09
« on: July 12, 2009, 05:05 AM »
The Weekly Tech News
Hi all.
Enjoy :)
As usual, you can find last week's news here.


1. Boffins Guess Social Security Numbers Via Public Data
http://www.theregister.co.uk/2009/07/07/ssn_guessing_algorithm/
http://arstechnica.com/tech-policy/news/2009/07/social-insecurity-numbers-open-to-hacking.ars
I don't imagine it's quite as easy as it sounds, but it looks like making SSNs the de facto form of identification they are now has come back to bite the US in the backside. Take heed, rest of the world.

Predicting a person's social security number is a lot easier than previously thought, according to new scientific research that has important implications for identity theft.

Armed with publicly available information about where and when an individual was born, researchers from Carnegie Mellon University were able to guess the first five digits of a SSN on the first try for 44 percent of people born after 1989. The success rate balloons to as high as 90 percent for individuals born after 1989 in less populous states such as Vermont. Success rates also rise when the researchers got more guesses. The first five digits for six of 10 SSNs can be identified with just two attempts.


2. Apache Attacked by a "Slow Loris" (Thanks 40hz)
http://lwn.net/Articles/338407/
This story has been floating around for a while, and I've been dismissing it, but it's now pretty apparent that Apache aren't interested in doing anything about it, and since Hertz Man brought it to my attention I thought it was worth posting. Apache is vulnerable to an attack vector that would allow an attacker to effectively DoS a server with only a single moderate-speed connection.

The slow loris is an exotic animal of southeast Asia that is best known for its slow, deliberate movements. This characterizes the technique used by a new Denial of Service (DoS) tool that has been named after the animal. Slowloris was released to the public by security researcher "RSnake" on June 17. Unlike previously utilized DoS methods, slowloris works silently. Still, it results in a quick and complete halt of the victim's Apache web server.


3. Teen Cuffed for Bomb Threat Webcam Pay-per-view
http://www.theregister.co.uk/2009/07/09/swatting_indictment/
In a story that makes you wonder what they're cutting the hard stuff with these days, a US 16-year-old has been arrested for making prank calls to trigger an emergency response, then charging people to observe via live webcam feed.

A North Carolina teenager has been arrested and accused of phoning in bomb threats to schools and universities so he could charge admission for people to watch in real time over webcams as police responded.

Ashton C. Lundeby, 16, of Oxford, North Carolina took part in a group that used VoIP, or voice over IP, software and online gaming services to pull off the public stunts, which attracted hundreds of spectators, according to documents filed in federal court in Indiana Wednesday. Lundeby made bomb threats against 13 colleges or schools from the middle of 2008 through early March, prosecutors allege.


4. US [And Korean] Websites Buckle Under Sustained DDoS Attacks
http://www.theregister.co.uk/2009/07/08/federal_websites_ddosed/
http://news.bbc.co.uk/2/hi/asia-pacific/8142282.stm
I'm not aware of any apparent relation between these two attacks, but it seems the US and Korea are both suffering prolonged DDoS attacks against several high importance sites.

Websites belonging to the federal government, regulatory agencies and private companies have been struggling against sustained online attacks that began on the Independence Day holiday, according to multiple published reports.

At time of writing, most of the targets appeared to be afloat. Nonetheless, several targets have buckled under the DDoS, or distributed denial of service, attacks, which try to bring down a website by bombarding it with more traffic than it can handle. FTC.gov was experiencing "technical issues" on Monday and Tuesday that prevented many people from reaching the site, spokesman Peter Kaplan said.


5. Antisec Hackers Replace All Imageshack Images
http://www.cgisecurity.com/2009/07/antisec-hackers-replace-all-imageshack-images.html
Given that I never made a claim of objectivity when I started this weekly news cycle, I have no compunction in calling these people absolute scum-of-the-earth douche bags. These absolute scum-of-the-earth douche bags took it upon themselves to use a publicly published exploit to replace all the images on ImageShack to one protesting...public publishing of exploit code. Congratulations on revealing yourselves to be absolute scum-of-the-earth douche bags to the world Anti-Sec.

Thousands (Millions?) of sites img src'ing from imageshack are now displaying this hacked image. Certainly one of the largest pwnages I've seen in a long time. This is also the same group which recently hacked Astalvista.


6. NSA to Build Huge Facility in Utah
http://www.sltrib.com/ci_12735293
http://arstechnica.com/tech-policy/news/2009/07/r2e-nsas-power--and-money-sucking-datacenter-buildout-continues.ars
The NSA are propping up their massive computing infrastructure by building a massive branch in Utah.

Hoping to protect its top-secret operations by decentralizing its massive computer hubs, the National Security Agency will build a 1-million-square-foot data center at Utah's Camp Williams.

The years-in-the-making project, which may cost billions over time, got a $181 million start last week when President Obama signed a war spending bill in which Congress agreed to pay for primary construction, power access and security infrastructure. The enormous building, which will have a footprint about three times the size of the Utah State Capitol building, will be constructed on a 20


7. Goodbye, CompuServe! (We Thought You Already Died)
http://arstechnica.com/telecom/news/2009/07/goodbye-compuserve-we-thought-you-had-already-died.ars
In a blast-from-the-past, AOL has announced it is (finally?) killing off CompuServe, a company familiar to those who used the 'net in its infancy, most of whom probably thought it had been dead for some time...

A little piece of Internet history has now been laid to rest, as CompuServe was shut down for good just before this Fourth of July weekend. After some 30 years of service, CompuServe's new owner has finally pulled the plug, leaving us to reminisce about the days when the Internet was young and we were still using modems whose speed was measured in baud.

Most of us remember CompuServe fondly as one of the main Internet services from the 80s and 90s, and associate it with some of our first dabblings in the online world. Along with Prodigy, CompuServe offered a data connection to people across the globe, a connection that few had previously had at home. It set an early example for companies like AOL and even Apple's eWorld that launched in the early-to-mid 90s.


8. Goldman's Secret Sauce Could Be Loose Online; Markets Beware
http://arstechnica.com/tech-policy/news/2009/07/goldmans-secret-sauce-could-be-loose-online-markets-beware.ars
http://www.darkreading.com/insiderthreat/security/cybercrime/showArticle.jhtml?articleID=218400579
Investment bank Goldman Sachs has had data stolen by an ex-employee that could lead to publication of code that runs their automated trading desk, the heart of their business.

A Russian programmer named Sergey Aleynikov was picked up this past Friday by the FBI for allegedly stealing and passing along code that, if circulating out in the wild, could expose US markets to manipulation and cost Aleynikov's former employer, Goldman Sachs, millions. Bloomberg quotes assistant US Attorney Facciponti saying that "there is a danger that somebody who knew how to use this program could use it to manipulate markets in unfair ways. The copy in Germany is still out there, and we at this time do not know who else has access to it."

So how could a 32MB compressed source code archive pose a threat to markets and to America's most powerful investment bank? The story is actually less complex than it may sound.


9. Google Discloses Plans For New Malware-Resistant OS
http://www.darkreading.com/securityservices/security/app-security/showArticle.jhtml?articleID=218401111
Google has announced it is working on "Chrome OS", an operating system based on Linux that will help protect against common Internet-based attack vectors by building tighter operating-system-level security around the browser.

Google is building its own operating system aimed at eliminating malware problems at the consumer's desktop.

The company late yesterday announced its work on the new Google Chrome OS, a lightweight OS that sits atop a Linux kernel and will run on X86 and ARM chips.

"We are going back to the basics and completely redesigning the underlying security architecture of the OS so that users don't have to deal with viruses, malware," blogged Google's Sundar Pichai, vice president for product management, and Linus Upson, engineering director. "Most of the user experience takes place on the Web."


10. New Live Poll Allows Pundits To Pander To Viewers In Real Time (Thanks mouser)
http://www.theonion.com/content/video/new_live_poll_allows_pundits_to
The ONN has installed a new live polling system that allows panelists to see viewer reaction to their discussion in real-time. Keep your eye on the tracker as the conversation goes on ;)




Ehtyar.

39
Living Room / Good Video Blogs?
« on: July 10, 2009, 07:25 AM »
Hey all,

I've been enjoying some random video blog posts that have been flying around work lately, and while I didn't enjoy any of them to the point where I'd watch them frequently (they were all one-time funnies) I quite liked the format.

So does anyone have any suggestions on some good video blogs? Naturally I'd be predisposed to enjoy the geekier/nerdier ones, but post anything you like in here for everyone to see :)

Thanks guys, Ehtyar.

40
Living Room / Tech News Weekly: Edition 27-09
« on: July 06, 2009, 06:54 AM »
The Weekly Tech News
Hi all.
Not sure if anyone was caught by the bug in which only 3 stories were visible last week, but this should be fixed from now on. Pleeeeease let me know if it happens again, thanks guys.
Sorry for being late people, had a (sober mind you) 21st yesterday. Laser tag is fuuuuuun!!  8)
As usual, you can find last week's news here.


1. Researchers Claim First "Real" Quantum Processor (Thanks 40hz!)
http://www.dailytech.com/article.aspx?newsid=15544
Researchers at Yale University claim that they have created the world's first true quantum processor.

Quantum computing has the potential to easily crack current cryptography systems, simulate chemical and nanochemical quantum systems, and speed up the search for solutions of certain types of math problems called NP Complete problems.  Many have raced to create the world's first quantum processor.

In 2007 D-Wave, a Canadian firm, claimed to have created the world's first quantum computing chip.  Debate about whether the chip is a true quantum computer has raged, while the company has continued to release claims of improved "quantum chips" -- with the latest being a 128 qubit chip.  Researchers, though, are skeptical of these claims.

Now, researchers at Yale University claim that they have created the world's first solid state quantum processor.  The new chip, at the very least is the first processor to be officially reported in a peer-reviewed journal.  The research appears in the journal Nature's June 28 advanced publication listing.


2. Researcher Barred from Demoing ATM Security Vuln
http://www.theregister.co.uk/2009/06/30/atm_talk_canceled/
A less than surprising turn of events has seen a much anticipated presentation at Black Hat pulled from the line-up.

A talk demonstrating security weaknesses in a widely used automatic teller machine has been pulled from next month's Black Hat conference after the machine vendor placed pressure on the speaker's employer.

Juniper Networks, a provider of network devices and security services, said it delayed the talk by its employee Barnaby Jack at the request of the ATM vendor. The talk promised to "explore both local and remote attack vectors, and finish with a live demonstration of an attack on an unmodified, stock ATM," according to a description of the talk pulled from the Black Hat website in the past 24 hours.

"Juniper believes that Jack's research is important to be presented in a public forum in order to advance the state of security," the company said in a statement. "However, the affected ATM vendor has expressed to us concern about publicly disclosing the research findings before its constituents were fully protected. Considering the scope and possible exposure of this issue on other vendors, Juniper decided to postpone Jack's presentation until all affected vendors have sufficiently addressed the issues found in his research."


3. Boomerang Attack Against AES Better Than Blind Chance
http://www.theregister.co.uk/2009/07/02/aes_crypto_attacks/
A theoretical attack against Rijndael (AES) has been proposed that could provide a faster alternative to brute force attacks against the algorithm.

Cryptographic researchers have uncovered a chink in the armour of the widely used AES algorithm.

The attacks pose no immediate threat to the security of AES, but they do illustrate a technique for extracting keys that is better than simply trying every possible key combination.

Instead of such a brute force approach, the researchers have derived a technique based on "finding local collisions in block ciphers and enhanced with the boomerang switching techniques to gain free rounds in the middle". Collisions in cryptography happen when two different inputs produce the same output.


4. Cablevision Remote DVR Stays Legal: Supremes Won't Hear Case
http://arstechnica.com/tech-policy/news/2009/06/cablevision-remote-dvr-stays-legal-supremes-wont-hear-case.ars
The Supreme Court has declined to hear a case brought by the content makers that would prevent the content providers from offering recording services to their customers.

The US Supreme Court this morning refused to hear a final appeal in the Cablevision remote DVR case, thereby bringing the years-long litigation to a close. Despite the continued objections of broadcasters, video providers like Cablevision will be allowed to offer "box less" DVR service to customers.

The central question in the case might seem an arcane one: does it matter where a hard drive lives? Cablevision said no, and prepared to launch a service in which all of the digital video recorder's hardware lived in the cable company's central office. Subscribers would still have to choose which shows to record, how long to keep them for, and when to view them, using their television sets and cable boxes as a front-end to the system. Cable companies would no longer need to service and distribute hundreds of thousands of DVRs to customer homes.

To broadcasters, though, this was an unacceptable blurring of the line between a cable company and a rights holder. In their view, Cablevision had no right to archive and retransmit their programming at its discretion. They sued.


5. Pirate Bay Sold, to Become More Like Carnival Cruise Lines
http://arstechnica.com/tech-policy/news/2009/06/pirate-bay-sold-going-legit-music-biz-cautiously-optimistic.ars
ThePirateBay has been sold for almost $8 million, and not to the kind of people you might think...

The Pirate Bay has been sold—and the new owners plan to make it a legal service that allows "content providers and copyright owners [to] get paid for content that is downloaded via the site."

Global Gaming Factory X AB, a Swedish firm that runs Internet cafes and game centers, plans to buy The Pirate Bay for 60 million kronor, twice the fine that was slapped on The Pirate Bay defendants by a Stockholm court earlier this year.


6. Scientists Find a Black Hole That's "Just Right"
http://arstechnica.com/science/news/2009/07/a-black-hole-that-is-just-right.ars
Typically, black holes are either enormous, or extremely small. Scientists believe they've found one that is somewhere in the middle.

Some black holes are too big. Some black holes are too small. A letter appearing in this week's edition of Nature describes how astronomers may have found one that is just right.

The letter, written by a team of British and French astronomers, does not state that they have found an intermediate mass black hole—one that could be termed just right—but that they have found an object where most other explanations fail to explain its behavior.

The object, 2XMM J011028.1-460421 or (more conveniently) HLX-1, is a source of ultraluminous X-rays near the spiral galaxy ESO 243-49. These X-rays have been postulated to be the product of an intermediate mass black hole, one between 100 and 10,000 solar masses, but to date no candidate object has been widely accepted.


7. New Linux Patch Could Circumvent Microsoft's FAT Patents
http://arstechnica.com/open-source/news/2009/07/vfat-linux-patch-could-circumvent-microsofts-patent-claims.ars
A patch has been applied to the Linux Kernel that could see Linux dodging Microsoft's patent on the FAT filesystem.

Microsoft's recent lawsuit against TomTom, alleging infringement of filesystem patents, has left many questions unanswered about the legal implications of distributing open source implementations of Microsoft's FAT filesystem. A new Linux kernel patch that was published last week offers a workaround that might make it possible to continue including FAT in Linux without using methods that are covered by Microsoft's patents.

The patent dispute erupted in February when Microsoft sued portable navigation device maker TomTom. Microsoft claimed that TomTom's Linux-based GPS products infringe on several of its patents, including two that cover specific characteristics of FAT, a filesystem devised by Microsoft that is widely used on removable storage devices such as USB thumb drives and memory cards. The dispute escalated when TomTom retaliated with a counter-suit, but it was eventually settled in March when TomTom agreed to remove the relevant functionality.


8. China Hits Pause On Mandatory Filtering Software
Spoiler
http://arstechnica.com/software/news/2009/06/china-hits-pause-on-mandatory-filtering-software.ars
Contrary to last week's news report, PC makers shipping their goods to China will not, as yet, be required to ship them with the Green Dam Youth Escort, as the Chinese Government has backed off on the requirement that it be shipped with each new PC starting July 1.

The Chinese government has decided to delay the implementation of its controversial client-side filtering software, Green Dam Youth Escort. The deadline for PC makers to preinstall or package the software was originally set for July 1, but it has now been pushed back to an unspecified date.

A representative from the Ministry of Industry and Information Technology (MIIT) confirmed to Xinhua that the deadline had been moved at the request of some computer makers. As a result, the deadline of July 1 won't be enforced for PC makers, though the ministry still plans to provide free downloads of Green Dam for schools and Internet cafes as of that date. "The ministry would also keep on soliciting opinions to perfect the preinstallation plan," wrote Xinhua.


9. Jeff Goldblum Will Be Missed
Spoiler
http://www.colbertnation.com/the-colbert-report-videos/220019/june-29-2009/jeff-goldblum-will-be-missed
For anyone familiar with Australian Mass Media, this won't come as a surprise. For anyone unfamiliar with it...experience the horror...

onion.jpg



Ehtyar.

41
Living Room / Why The Australian Media Is Just...Awesome
« on: June 30, 2009, 09:48 PM »
Untitled.png

'Nuff said.

Ehtyar.

42
Living Room / Tech News Weekly: Edition 26-09
« on: June 28, 2009, 06:52 AM »
The Weekly Tech News
TNWeekly01.gif
Hi all.
Enjoy :)
As usual, you can find last week's news here.


1. Social Networking Big Boys Must Bow to EU Data Laws
Spoiler
http://www.theregister.co.uk/2009/06/23/social_networking_eu_data_law/
By broadly defining social networking sites as 'data controllers', the EU has made them legally responsible for their users' privacy in the eyes of law. 'Bout friggin time. US/AU, are you watching?

Social networking sites are legally responsible for their users' privacy, Europe's privacy watchdogs have confirmed. A committee of data protection regulators has said that the sites are 'data controllers', with all the legal obligations that brings.

Users of the sites are also data controllers with legal obligations when they are posting on behalf of a club, society or company, the opinion said.

The committee of Europe's data protection regulators, the Article 29 Working Party, has published its opinion on the legal status of social networking operators such as Facebook and MySpace.


2. Web Slows After Jackson's Death
Spoiler
http://news.bbc.co.uk/2/hi/technology/8120324.stm
The amount of web traffic generated by the death of the King of Pop brought several major sites to their knees, and triggered a Google fail as his name was flagged as originating from automated software.

Search giant Google confirmed to the BBC that when the news first broke it feared it was under attack.

Millions of people who searched for the star's name on Google News were greeted with an error page.

It warned users "your query looks similar to automated requests from a computer virus or spyware application".

"It's true that between approximately 2.40PM Pacific and 3.15PM Pacific, some Google News users experienced difficulty accessing search results for queries related to Michael Jackson and saw the error page," said Google spokesman Gabriel Stricker.


3. Pirate Bay Retrial Call Rejected
Spoiler
http://news.bbc.co.uk/2/hi/technology/8121680.stm
A Swedish court has determined that his being a member of a pro-copyright organisation did not bias the judge presiding over the Pirate Bay case.

The four were found guilty of promoting copyright infringement in April and face jail sentences and hefty claims for damages.

The Pirate Bay's lawyers called for a retrial when it emerged that one of the judges in the case belonged to several copyright protection groups.

The Swedish court said the judge's affiliations did not bias the case.

The Svea Court of Appeal said Judge Tomas Norstrom should have declared that he was a member of the Swedish Association for the Protection of Industrial Property and the Swedish Copyright Association before the case went to trial.


4. FTC to Crack Down On Undisclosed "sponsored" Blogging
Spoiler
http://arstechnica.com/web/news/2009/06/ftc-hoping-to-crack-down-on-undisclosed-sponsored-blogging.ars
Apparently the Federal Trade Commission has run out of work to do (yeah, right), and has decided to crack down on bloggers receiving free goods to review without disclosing the terms of the exchange.

Undisclosed "sponsored" blogging may soon go the way of the dodo, the T. Rex, or the quagga under some strict new guidelines under consideration by the Federal Trade Commission. The FTC says it is looking at bloggers who write about certain products or services in exchange for money or favors from the companies behind them, potentially misleading the Internet-reading public about an apparent conflict of interest. The Commission hopes to introduce new guidelines this summer to better define how bloggers can write about these products.

In case you're not familiar with the practice of "sponsored blogging," imagine that Your Favorite Blog written by Joe Schmoe of Little Rock, Arkansas often gives rave reviews of certain home appliances that he allegedly uses. Joe might have purchased those things himself, and he might really love them—but he might be getting paid by GE to push the company's new washer and dryer. Or, if he's not receiving money, Joe might be the recipient of paid trips to Hawaii or prepaid gift cards. All of these things can and do happen in the blogosphere, and there are no rules on disclosure.


5. China Not Backing Off Despite Filter Code Post On Wikileaks
Spoiler
http://arstechnica.com/web/news/2009/06/china-not-backing-off-despite-filter-code-post-on-wikileaks.ars
China is continuing to mandate the availability of Green Dam Youth Escort with each new PC sold there, despite exploit code being posted on Wikileaks exposing several security vulnerabilities in the software, solidifying concerns about the possibility of mass exploitation.

China is filtering out criticism and diving in headfirst with its plan to roll out controversial filtering software on all PCs sold in China. The Chinese media quoted an unnamed source inside the Ministry of Industry and Information Technology, saying that the software will still come with all computers as of July 1 despite the discovery of massive security holes and vulnerabilities by security researchers.

News came out about China's plan to implement Internet access control software, called the "Green Dam Youth Escort" earlier this month. The Windows-only software provides a mix of features, including whitelists, blacklists, and on-the-fly content-based filtering. The blacklists can be updated remotely, however, making Green Dam quite an attractive option for a government that likes to keep tight control over what kind of content its citizens are exposed to.


6. Achtung! RapidShare Ordered to Filter All User Uploads
Spoiler
http://arstechnica.com/tech-policy/news/2009/06/achtung-rapidshare-hit-with-24m-fine-content-filter-rules.ars
Rapidshare has lost a case worth €24 million, and will be required to implement "proactive" content filtering if they want to avoid liability for content uploaded to the site in the future.

German music trade group GEMA has won a court judgment against one-click file-sharing service RapidShare, and the Hamburg Regional Court has confirmed that services like RapidShare must implement proactive content filtering to avoid liability.

The decision has been building for more than a year. GEMA went after RapidShare after it became a popular hub for sharing albums online, and in relative safety. In January 2008, another regional court in Düsseldorf found that RapidShare was responsible for what its users uploaded to the service.

So RapidShare implemented a screening process—six full-time staff members vetted content and dealt with infringement complaints, and RapidShare maintained hashes of all files that were pulled down for infringement. Using the hashes, the site would prevent repeat uploads of identical content, though any alteration in the file would render the hash technique useless.


7. Australian 'Net Filter to Block Video Games, Too
Spoiler
http://arstechnica.com/tech-policy/news/2009/06/australian-net-filter-to-block-video-games-too.ars
As an Australian, I cannot convey in words the feelings I have for my own Federal Government. Because the highest video game rating we have in Australia is MA15+, any content regarding games that require a stronger rating will be blocked by the Australian internet filter because they will have been "refused classification". Go suck on a dead dog's nose Stephen Conroy.

Quick, name the country that plans to impose a mandatory Internet censoring regime that will, among other things, block access to all video games intended for anyone over the age of 15?

Answer: Australia.

The Australian government has pressed ahead with a trial of its proposed Internet filtering system, this despite the fact that—by its own admission—"there are no success criteria as such."

The scheme would involve a mandatory filtering service that would block access to all material "refused classification" by Australia's government-run ratings agency. This includes child pornography, bestiality, truly deviant/abusive sexual behavior... and plenty of video games!


8. Google Access Disrupted in China
Spoiler
http://news.bbc.co.uk/2/hi/business/8118055.stm
Access to Google has been disrupted in some parts of China amid claims Google is spreading pornography and breaking Chinese law in doing so.

Users reported they could not access either Google's search engine or its Chinese-language version.

Chinese Foreign Ministry spokesman Qin Gang accused Google of spreading pornography and breaking Chinese law.

The move came as the US called on China to scrap its plan to put net-filtering software on all new computers.


9. Star Trek: Confusion



Ehtyar.
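Item 6 above describes RapidShare's hash-based screening of repeat uploads and why any alteration to a file defeats it. As an added illustration (not RapidShare's code and not part of the original post), the Python below keeps a takedown list of content digests and screens constructed sample uploads against it. The hash algorithm (SHA-256) and the sample bytes are assumptions; the article does not say which hash RapidShare used.

```python
import hashlib

# Constructed stand-ins for uploaded files; not real data from the article.
ORIGINAL = b"album-track-01: sample audio bytes (constructed)"
RESUBMIT_IDENTICAL = bytes(ORIGINAL)
RESUBMIT_ALTERED = ORIGINAL + b"\x00"  # a single appended byte
UNRELATED = b"holiday-photos.zip: unrelated sample bytes (constructed)"


def content_hash(data: bytes) -> str:
    """Digest of the whole file content (SHA-256 is an assumption here)."""
    return hashlib.sha256(data).hexdigest()


class TakedownList:
    """Digests of files previously removed after infringement complaints.

    Only the digest is retained, so the service need not keep the
    infringing content itself to recognise a byte-identical re-upload.
    """

    def __init__(self) -> None:
        self._hashes: set[str] = set()

    def record_takedown(self, data: bytes) -> str:
        digest = content_hash(data)
        self._hashes.add(digest)
        return digest

    def is_blocked(self, data: bytes) -> bool:
        return content_hash(data) in self._hashes


def screen_uploads(takedowns: TakedownList, uploads: dict) -> dict:
    """Map each upload name to 'blocked' or 'accepted'."""
    return {
        name: ("blocked" if takedowns.is_blocked(data) else "accepted")
        for name, data in uploads.items()
    }


def demo() -> dict:
    """Record one takedown, then screen three constructed uploads."""
    takedowns = TakedownList()
    takedowns.record_takedown(ORIGINAL)
    return screen_uploads(
        takedowns,
        {
            "identical": RESUBMIT_IDENTICAL,  # same bytes: caught
            "altered": RESUBMIT_ALTERED,      # one byte differs: digest differs, so it passes
            "unrelated": UNRELATED,
        },
    )


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name}: {verdict}")
```

The altered upload passing is the point the article makes: an exact-match digest list only recognises byte-identical files, so it catches careless re-uploads but not a file that has been re-encoded, padded or otherwise changed.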

43
Living Room / Where to find music artist?
« on: June 26, 2009, 08:21 PM »
Hi all.

I'm known among my friends for having rather eclectic/unusual music tastes, mostly because I listen when I'm doing something else (coding usually) so I prefer not to have voices in my music because I find it distracting. I often find clips of music I'd like to hear in odd places, and it's often uncredited which makes it hard to track down the artist. Basically I'm looking for a site which can help me identify the artist of a random piece of music and/or make suggestions for music I'd like.

As an example, I was watching a video demo of the new HTC Hero yesterday, and the background music was really very nice[1][2]. I've scoured the internet and found several comments asking for the song's details, but none have answers (one reply said he had tried Shazam on it but was unsuccessful). It's likely the song was made specifically for the commercials, which is why it would also be good if i could get recommendations for similar music (though the original piece must still have an artist, uncredited or otherwise). Even just a genre would be helpful.

Thanks all, Ehtyar.

44
Living Room / Tech News Weekly: Edition 25-09
« on: June 21, 2009, 05:15 AM »
The Weekly Tech News
TNWeekly01.gif
Hi all.
Be sure to watch the vid guys, whether you're a jock or a nerd ;)
As usual, you can find last week's news here.


1. Canadian Bill Forces Personal Data from ISPs Sans Warrant
Spoiler
http://www.theregister.co.uk/2009/06/18/canada_isp_intercept_bills/
A bill has been put forth in Canada's Parliament that would, among other things, require ISPs to turn over personal information of subscribers without a warrant.

Canada is considering legislation allowing the country's police and national security agency to readily access the online communications and the personal information of ISP subscribers.

"We must ensure that law enforcement has the necessary tools to catch up to the bad guys and ultimately bring them to justice. Twenty-first century technology calls for 21st-century tools," Justice Minister Rob Nicholson said in announcing two new bills at a press conference in Ottawa, the CBC has reported.

The Technical Assistance for Law Enforcement in the 21st Century Act would require ISPs to install "intercept-capable" equipment on their networks and provide police with "timely access" to subscribers' personal information, including names, street addresses, and IP addresses.


2. Thomas Verdict: Willful Infringement, $1.92 Million Penalty
Spoiler
http://arstechnica.com/tech-policy/news/2009/06/jammie-thomas-retrial-verdict.ars
http://news.bbc.co.uk/newsbeat/hi/technology/newsid_8108000/8108589.stm
Jammie Thomas-Rasset has received a guilty verdict in the first filesharing lawsuit to go to trial in the United States. The damages are calculated at $80,000 per infringement.

A new lawyer, a new jury, and a new trial were not enough to save Jammie Thomas-Rasset. In a repeat of the verdict from her first federal trial, Thomas-Rasset was found liable for willfully infringing all 24 copyrights controlled by the four major record labels at issue in the case. The jury awarded the labels damages totaling a whopping $1.92 million. As the dollar amount was read in court, Thomas-Rasset gasped and her eyes widened.

Kiwi Camara, Thomas-Rasset's lead attorney, spoke briefly after the trial. He told reporters that when he first heard the $80,000 per song damage award, he was "angry about it" and said he had been convinced that any liability finding would have been for the minimum amount of $750 per song.


3. ISP, UMG Agree On Unlimited Music Plan, Graduated Response
Spoiler
http://arstechnica.com/media/news/2009/06/isp-umg-agree-on-unlimited-music-plan-graduated-response.ars
A UK ISP has announced it will be offering subscribers unlimited, DRM-free downloads of Universal Music's entire catalog. However, it will also be instituting a graduated response plan for those who pirate music on its network.

Universal Music Group has entered into a deal with Virgin Media to offer an unlimited music download subscription service to Virgin's broadband customers in the UK. You read that right—this is a subscription service that lets you download unprotected MP3s that you can keep forever, even after you cancel your subscription. The idea is to lure customers away from pirating music over P2P networks by letting them download legal music to their heart's content, though Virgin is still planning to adopt a system to deal with pirates.

The two companies described the deal as the "world's first" unlimited download subscription service, and said that Virgin Media broadband customers will be able to stream and download as many tracks and albums as they want from Universal's extensive catalog. There will, of course, be a monthly fee (that neither company has chosen to disclose at the time of this writing), but customers will be able to keep their music forever once it's downloaded. There will also be an "entry level" tier for customers who still want in on the action but don't want or need unlimited music.


4. Congressman Has Bill Ready to Give FTC Veto On ISP Data Caps
Spoiler
http://arstechnica.com/tech-policy/news/2009/06/congressman-has-a-bill-ready-to-combat-usage-caps.ars
Congressman Eric Massa, representative of Rochester, NY (the district where Time Warner conducted its bandwidth cap testing) has readied a Bill that would see the FCC play judge and jury on whether or not ISPs can cap their customers' bandwidth.

Congressman Eric Massa represents a district in western New York that's exquisitely sensitive to the current US broadband market. On the phone side, the area, which includes the city of Rochester, is served by Frontier Communications, which shows no indication that it will follow Verizon in offering fiber to the home, while its DSL terms of service suggest that 5GB per month is appropriate usage. On the cable side of the service duopoly, Time Warner used the area as a test market for its brief flirtation with widespread usage caps. At the time, Massa promised to respond to his constituents' outrage by introducing legislation that would regulate the imposition of usage caps; that bill is now ready. It would treat ISPs like utilities, and put the Federal Trade Commission in the role of Public Utilities Commission, ensuring that the service providers had an economic case for imposing usage-based fees.

In making the case for regulation, the bill brings together a few strands of thought that are becoming increasingly common in discussions of the role of government in fostering the development of the Internet. In short, the Internet has become essential for a variety of basic functions—the bill specifically mentions its use for "agricultural, medical, educational, environmental, library, and nonprofit purposes"—making access part of the basic infrastructure. There's also an economic case to be made for broadband, since it allows more sophisticated services and commerce to take place online.


5. City to Job Applicants: Facebook, MySpace Log-ins Please
Spoiler
http://arstechnica.com/web/news/2009/06/city-to-job-applicants-facebook-myspace-log-ins-please.ars
The city of Bozeman, Montana has found a new way of bypassing private social networking profiles for those seeking jobs with them: demand usernames and passwords from your applicants.

One of the things people tend to forget when posting pictures and personal information online is that a lot of it is only a short Internet search away from their current or potential employers (not to mention their parents). It has now become standard procedure for many employers to sit down with Google and cyberstalk potential employees, while the more savvy hunt down Facebook profiles and Twitter feeds. The city of Bozeman Montana, however, has decided that all of that is too much work—it's now requesting that potential employees hand over the login credentials for any social networking sites they frequent.

Background checks are standard procedure for many jobs, as it allows employers to identify problematic legal histories and things of that nature. Bozeman is no exception, as it uses a waiver form to obtain an applicant's consent to use their Social Security and driver's license numbers to dig into their past. But the form is notable in that about a third of area that needs to be filled out by an applicant is devoted to website information.


6. Researchers Build Anonymous, Browser-Based 'Darknet'
Spoiler
http://www.darkreading.com/security/encryption/showArticle.jhtml?articleID=217801293
A presentation at the next Blackhat conference will show how a Darknet (similar to TOR or FreeNet) can be built using only distributed web servers and an HTML5-capable browser.

A pair of researchers has discovered a way to use modern browsers to more easily build darknets -- those underground, private Internet communities where users can share content and ideas securely and anonymously.

Billy Hoffman, manager for HP Security Labs at HP Software, and Matt Wood, senior security researcher in HP's Web Security Research Group, will demonstrate a proof-of-concept for Veiled, a new type of darknet, at the Black Hat USA conference in Las Vegas next month. Darknets, themselves, are nothing new; networks like Tor, FreeNet, and Gnutella are well-established. The HP researchers say Veiled is the same idea, only much simpler: It doesn't require any software to participate, just an HTML 5-based browser. "We've implemented a simple, new darknet in the browser," Wood says. "There are no supporting [software] programs."


7. Hacker Cracks TinyURL Rival, Redirects Millions of Twitter Users
Spoiler
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9134440
URL shortening service Cligs was compromised, redirecting millions of users to Kevin Saban's social networking blog. 93% of the affected links have been restored, but the rest were not backed up and will be made editable by their creators, or pointed at the Cligs website.

A URL-shortening service that condenses long Web addresses for use on micro-blogging sites like Twitter was hacked over the weekend, sending millions of users to an unintended destination, a security researcher said today.

After Cligs, a rival to the better known TinyURL and bit.ly shortening services, was attacked Sunday, more than 2.2 million Web addresses were redirected to Kevin Saban's blog, which appears on the Orange County Register's Web site. Noticing a dramatic upswing in traffic, Saban -- who uses Cligs in his Twitter messages to shorten URLs -- contacted Pierre Far, the creator of Cligs.


8. Microsoft Lawsuit Takes Aim at Click Fraud
Spoiler
http://www.eweek.com/c/a/Windows/Microsoft-Lawsuit-Takes-Aim-at-Click-Fraud-456312/
Microsoft has filed a $750,000 lawsuit against a group accused of engaging in clickfraud against Microsoft's online advertising platform.

Microsoft has fired a warning shot at online advertising fraudsters with a $750,000 lawsuit against three individuals who allegedly directly bilked advertisers and indirectly deprived Microsoft of potential online advertising revenue through click fraud.

In a June 15 blog post, Tim Cranton, associate general counsel at Microsoft, said the click fraud attacks occurred on online advertisements related to auto insurance and the World of Warcraft online role-playing game.

In his post, Cranton said: "Earlier today, after a thorough investigation, Microsoft filed a civil lawsuit in the U.S. District Court for Western Washington outlining a massive click fraud scheme believed to have impacted Microsoft’s advertising platform and potentially other networks. The case is Microsoft v. Lam, et. al., case number 09-cv-0815."


9. Triumph of the Nerds
Spoiler
http://www.collegehumor.com/video:1915321
Discussion: https://www.donationcoder.com/forum/index.php?topic=18867
John Hodgman roasts President Obama over his alleged geekiness.

hodgman.jpg



Ehtyar.

45
Living Room / Triumph of the Nerds - John Hodgman Roasts Obama
« on: June 20, 2009, 10:50 PM »
John Hodgman recently spoke at the Radio and Television Correspondents' Association Dinner in front of Barack Obama, and used the occasion to quiz the President on all things Geek/Nerd in a very amusing way. This is really worth the watch guys, and it gets better the longer you watch.

hodgman.jpg

Ehtyar.

46
Living Room / Tech News Weekly: Edition 24-09
« on: June 14, 2009, 07:17 AM »
The Weekly Tech News
TNWeekly01.gif
Hi all.
As usual, you can find last week's news here.


1. Crypto Attack Puts Digital Sig Hash On Collision Course
Spoiler
http://www.theregister.co.uk/2009/06/10/digital_signature_weakness/
SHA-1's time is nearing, with a further improvement on collision generation efficiency to 2^52 from 2^63 by a research team.

Cryptographers have found new chinks in a widely-used digital-signature algorithm that have serious consequences for applications that sign email, validate websites, and carry out dozens of other online authentication functions.

The researchers, from Macquarie University in Sydney, Australia, found a way to break the SHA-1 algorithm in significantly fewer tries than previously required. Although the hash function was previously believed to withstand attempts numbering 2^63, the researchers have been able to whittle that down to 2^52, a number that puts practical attacks well within grasp of well-funded organizations.


2. 'Millionth English Word' Declared
Spoiler
http://news.bbc.co.uk/2/hi/americas/8092549.stm
http://arstechnica.com/media/news/2009/06/ars-toasts-english-language-as-web-20-named-millionth-word.ars
Under rather odd circumstances, the term 'Web 2.0' has been declared the millionth "word" in the English language. You'd think the people who officially declare new words in the English language would be aware of the definition of the word "word"...

Global Language Monitor (GLM) searches the internet for newly coined terms, and once a word or phrase has been used 25,000 times, it recognises it.

GLM said Web 2.0 beat out the terms Jai ho, N00b and slumdog to take top spot.

However, traditional dictionary makers are casting doubt on the claim and the methods behind it.


3. French Court Savages "three-strikes" Law, Tosses It Out
Spoiler
http://arstechnica.com/tech-policy/news/2009/06/french-court-savages-3-strikes-law-tosses-it-out.ars
http://news.bbc.co.uk/2/hi/technology/8093920.stm
A French court has struck down some of the most important aspects of the new elevated response law passed recently.

The French Constitutional Council has ripped into the new Création et Internet law which would disconnect repeat online copyright infringers, calling the basic premise unconstitutional. "Innocent until proven guilty" remains a central principle of French law, and it cannot be bypassed simply by creating a new nonjudicial authority.

Better known as the "three strikes" law, Création et Internet set up a High Authority in France that would oversee a graduated response program designed to curb online piracy. Rightsholders would investigate, submit complaints to the High Authority (called HADOPI, after its French acronym), and the Authority would take action. Warnings would be passed to ISPs, who would forward them to customers; after two such warnings, the subscriber could be disconnected and placed on a nationwide "no Internet" blacklist.


4. No IE Onboard Windows 7 in Europe
Spoiler
http://news.bbc.co.uk/2/hi/technology/8096701.stm
http://arstechnica.com/microsoft/news/2009/06/eu-to-pursue-antitrust-case-despite-windows-7-e.ars
Discussion started by Josh: https://www.donationcoder.com/forum/index.php?topic=18736.msg167868;topicseen#new
In a failed (see second link) attempt to force the hand of the EU in relation to the anti-trust case against them, Microsoft have announced the European version of Windows 7 will ship without Internet Explorer.

European buyers of Windows 7 will have to download and install a web browser for themselves.

Bowing to European competition rules, Microsoft Windows 7 will ship without Internet Explorer.

The company said it would make it easy for PC makers and users to get at and install the web browsing program.

In response the European Commission expressed scepticism over the move and whether it would allay accusations of Microsoft abusing its market position.


5. Swedish Pirate Party Headed to European Parliament
Spoiler
http://arstechnica.com/tech-policy/news/2009/06/swedish-pirate-party-headed-to-european-parliament.ars
The Swedish Pirate Party has secured at least one seat in the European Parliament after the June 7 election.

The final returns are still being counted, but Sweden's Pirate Party (Piratpartiet) has secured at least one seat in today's elections for the European Parliament. According to Sweden's election authority, the Pirate Party has crossed the four percent threshold needed for a seat and currently has 7.1 percent of the vote.

"We have just written political history," said Swedish Pirate Party leader Rick Falkvinge. "Tonight, politicians have learned that doing what the lobby asks will cost them their jobs. We're the largest party in the segment below 30 years of age. That's building the future of liberties."

With more than 700 legislators in the European Parliament (see the complete breakdown), a vote or two won't do much to set the agenda. But for a party formed only a few years ago with a narrow set of concerns, this is an excellent showing.


6. Open Source, Digital Textbooks Coming to California Schools
Spoiler
http://arstechnica.com/tech-policy/news/2009/06/open-source-digital-textbooks-coming-to-california-schools.ars
Strongly underscoring the game of catch-up being played in the education arena, the State of California will, from next year, permit the use of Open Source digital textbooks in classrooms in response to cashflow problems.

On Monday, California Governor Arnold Schwarzenegger promoted his state's recently announced initiative, which would see it adopt free, digital textbooks in time for the next school year. The state's current fiscal crisis is an obvious motivating factor, as Schwarzenegger said that the state's share of textbook spending comes in at $350 million a year. But the crisis may simply be accelerating a process that was already under way. For the past several years, the state has run a program designed to evaluate online educational resources and certify that they can be used in a way that is compliant with state educational standards.

In a speech and editorial in which he pushed the program, Schwarzenegger didn't shy from making financial arguments. He suggested that the shift would help both the state and local school districts, which spend their own money for textbook purchases. Once the program is in full swing, a school district with 10,000 high school students could end up with savings in the area of $2 million a year. For now, however, the certification of digital texts will focus on various areas of math and science: Geometry, Algebra, Trigonometry, Calculus, Physics, Chemistry, Biology, and Earth Sciences.


7. Webhost Hack Wipes Out Data for 100,000 Sites, Boss Found Hanged
Spoiler
http://www.theregister.co.uk/2009/06/08/webhost_attack/
http://www.theregister.co.uk/2009/06/09/lxlabs_funder_death/
Vaserv.com was the victim of an attack last week which wiped out over 100,000 websites. The next day, the boss of the company responsible for the vulnerability was found hanged in his home.

A large internet service provider said data for as many as 100,000 websites was destroyed by attackers who targeted a zero-day vulnerability in a widely-used virtualization application.

Technicians at UK-based Vaserv.com were still scrambling to recover data on Monday evening UK time, more than 24 hours after unknown hackers were able to gain root access to the company's system, Rus Foster, the company's director told The Register. He said the attackers were able to penetrate his servers by exploiting a critical vulnerability in HyperVM, a virtualization application made by a company called LXLabs.

"We were hit by a zero-day exploit" in version 2.0.7992 of the application, he said. "I've heard from other people they've been hit by the same thing."



8. Military Hush-Up: Incoming Space Rocks Now Classified (Thanks 40hz)
Spoiler
http://www.space.com/news/090610-military-fireballs.html
The US Military will now deem information gathered by their satellites regarding bolides and fireballs around Earth's atmosphere, classified.

For 15 years, scientists have benefited from data gleaned by U.S. classified satellites of natural fireball events in Earth's atmosphere – but no longer.

A recent U.S. military policy decision now explicitly states that observations by hush-hush government spacecraft of incoming bolides and fireballs are classified secret and are not to be released, SPACE.com has learned.

The satellites' main objectives include detecting nuclear bomb tests, and their characterizations of asteroids and lesser meteoroids as they crash through the atmosphere has been a byproduct data bonanza for scientists.


9. Obama Drastically Scales Back Goals
Spoiler
http://www.theonion.com/content/video/obama_drastically_scales_back
President Obama has scaled back the goals he intends to achieve during his presidency after a visit to a Denny's restaurant.

onion.jpg



Ehtyar.

47
Hi all.

I'm starting to get really annoyed with a fake account someone set up of me on Facebook some while back. At first I didn't care, but then he started friending a lot of people I know IRL, and he posts insulting comments to their photos etc. which is starting to affect me IRL. I've reported him, and had a few of my friends report him, but Facebook refuses to acknowledge the complaints at all (they even have the gall to state that they won't, when you submit the actual complaint).

Can anyone offer me some advice on how I might get Facebook to actually do something about this?

Thanks, Ehtyar.

48
Living Room / Tech News Weekly: Edition 23-09
« on: June 08, 2009, 06:22 AM »
The Weekly Tech News
Hi all.
As you have likely already noticed, I am a day late yet again. My apologies. My godmother is in town for the first time since I was too young to remember her visit and it's been quite a blast. As the Aussies will know, it is also the Queen's Birthday long weekend, thus I've been busy having fun for the past 3 days :P
Being a citizen of a nation full of monarchists does have the occasional advantage ;)
As usual, you can find last week's news here.


1. EndNote Maker's Lawsuit Over Open-source Zotero Dismissed
Spoiler
http://arstechnica.com/web/news/2009/06/thomson-reuters-suit-against-zotero-software-dismissed.ars
Some of you might remember the outrage expressed by users of the forum when EndNote filed suit against Zotero, a FOSS competing product, because it was able to open EndNote's proprietary file format (EndNote alleged support of the format was in contravention of a license held by Zotero's primary contributor, George Mason University). Those of us that were outraged can now rest easy (for the time being, at least), as the lawsuit has been thrown out.

An open source software project got some good news this week, as a judge dismissed a suit brought by the maker of a commercial alternative. Thomson Reuters, which makes EndNote, an academic reference management product, had filed suit against George Mason University, claiming that its support of the open source Zotero project, which imports EndNote files, was in contravention of the university's license to EndNote. The suit, which requested an injunction against the distribution of Zotero, has now been dismissed. Depending on whether Thomson Reuters appeals or refiles the suit, this may leave Zotero in the clear.

Academic reference managers, which allow their users to keep track of the publications that they cite when writing up their own research, are a fairly specialized market. EndNote has a number of features that make it a compelling option, including a series of filters for online search queries and tight integration with document preparation software, notably Microsoft Word. It also offers one of the few cross-platform options on the market, and has a large library of reference styles to match the formats used by different journals. But there is also a degree of product lock-in, as many researchers have built up libraries of thousands of references over the years.


2. First Ever Government-sponsored TED Talks Given Yesterday
Spoiler
http://arstechnica.com/tech-policy/news/2009/06/first-ever-government-sponsored-ted-talks-given-last-night.ars
And whoever said the Government never does anything sensible? In a move that I must admit left me utterly stunned by the practicality of it all, the US State Department has funded its first ever TED talk under the department's Global Partnership Initiative.

Secretary of State Hillary Clinton announced a new program at the State Department, the Global Partnership Initiative, earlier this year. The initiative seeks to increase partnerships between the public and private sectors to help solve a number of pressing global issues. One of the first fruits of the Global Partnership Initiative was a series of TED Talks, dubbed TED@State, held yesterday afternoon at the State Department's Dean Acheson Auditorium.

Those in tech circles are likely familiar with TED Talks. They're short (up to 18 minute) presentations, often filled with a variety of insights and prognostications, which primarily happen at the annual TED Conference. TED, which stands for technology, entertainment, and design, began 25 years ago to bring together people from these three fields to discuss "ideas worth spreading." Since its relatively humble beginnings in 1984, however, TED has expanded its scope considerably, adding TED Global and TED India to the conference schedule and sponsoring an annual TED Prize that awards $100,000 grants to three "exceptional" recipients to help grant their "one wish to change the world."


3. Windows 7 Arrives On October 22
Spoiler
http://arstechnica.com/microsoft/news/2009/06/windows-7-arrives-on-october-22.ars
Microsoft has announced that Windows 7 will be made Generally Available on the 22nd of October. This release will, of course, succeed an earlier RTM release, which is expected to occur in late July.

Those waiting anxiously for the next version of Windows now have a date to anticipate. Microsoft has confirmed that Windows 7 will be launched on October 22, 2009. This date, which is referred to as General Availability (GA), is in line with Microsoft's previous statement saying that it would have Windows 7 and Windows Server 2008 R2 ready by the holidays. After the software giant unleashed the official Release Candidate on May 5, it became apparent that development on the follow-up to Vista was close to wrapping up.

Microsoft senior VP Bill Veghte revealed the company's launch plans in an interview Tuesday morning. "The feedback from the release candidate has been good," Veghte told CNET. Furthermore, the RTM (Release to Manufacturing) build is expected to be made available to Microsoft partners in the last two weeks of July, according to Channel 10.


4. Data-sniffing Trojans Burrow Into Eastern European ATMs
Spoiler
http://www.theregister.co.uk/2009/06/03/atm_trojans/
In yet another example of why you don't run Windows in environments that call for a high level of information security, a trojan-horse application has been discovered infecting ATMs across Europe, storing the data read from magnetic swipe cards along with the PINs that accompany them, then printing them out via the receipt printer when issued the necessary instructions.

Security experts have discovered a family of data-stealing trojans that have burrowed into automatic teller machines in Eastern Europe over the past 18 months.

The malware logs the magnetic-stripe data and personal identification number of cards used at an infected machine and provides an intuitive interface for retrieving the information using the ATM's receipt printer, according to analysts from SpiderLabs, the research arm of security firm Trustwave. Since late 2007 or so, there have been at least 16 updates to the software, an indication that the authors are working hard to perfect their tool.

"They're following more of a rapid development lifecycle," Nicholas Percoco, vice president and head of SpiderLabs, told The Register. "They're seeing what works and putting out new versions."


5. At Long Last, Internet's Root Zone to Be Secured
Spoiler
http://www.theregister.co.uk/2009/06/04/dnssec_coming/
The US Government has finally agreed to secure the root DNS zone, and has released some preliminary details that would see DNSSEC deployed by the end of the year with participation from ICANN and VeriSign.

The US government said Wednesday it plans to digitally sign the internet's root zone by the end of the year, a move that would end years of inaction securing the internet's most important asset.

The US Department of Commerce's National Telecommunications and Information Administration (NTIA) said it was turning to ICANN, or the Internet Corporation for Assigned Names and Numbers, and VeriSign to implement the measure, which is known as DNSSEC. In October, the two organizations submitted separate proposals that offered sharply contrasting visions for putting the complicated framework in place.


6. Microsoft Unveils New Controller
Spoiler
http://news.bbc.co.uk/2/hi/technology/8077369.stm
Microsoft has unveiled a new technology at this year's E3 that will facilitate player control of gameplay by tracking the player's entire body.

Microsoft has unveiled its new control system for the Xbox 360 console, at E3 in Los Angeles.

Project Natal is a fully hands-free control system that will use face recognition and motion sensors to allow users to play games.

Film director Steven Spielberg, attending the launch, said it was "a window into what the future holds".

Although still in the early stages, Microsoft has sent prototypes to all the main game developers.


7. Intel Strikes Back at ARM, Buys Embedded OS Maker Wind River
Spoiler
http://arstechnica.com/gadgets/news/2009/06/intel-strikes-back-at-arm-buys-embedded-os-maker-wind-river.ars
In the strongest indication yet that it fully intends to dominate the embedded market, Intel has shelled out to buy embedded OS maker Wind River, who make the popular VxWorks embedded operating system.

Yesterday evening, after writing the previous two articles on the battle between Intel and ARM + NVIDIA for the ultramobile space, I was telling our Linux editor why I think Intel pours so many resources into Moblin and other parts of the Linux ecosystem: they want to keep x86-based Linux well ahead of ARM, because the software stack is critical to making inroads in low-power mobile and embedded applications. But while Moblin might be fine for web tablets and the like, real embedded customers of the sort that Intel would ultimately like to poach from ARM run the VxWorks real-time OS by Wind River. So this morning, Intel has announced that it is going to do with VxWorks what it cannot do with Linux—it's just buying the whole thing.

Intel plans to buy Wind River for a cool $884 million in cash, and it seems likely that it plans to extend their Linux strategy to this new OS. Intel's announcement on the deal emphasizes that Wind River will be run as a subsidiary of Intel, and that "Wind River will continue to develop innovative, commercial-grade software platforms that support multiple hardware architectures that are optimized for the needs of its many embedded and mobile customers." But Intel isn't shy about trumpeting the fact that Wind River will now turn considerable attention to the x86 port of VxWorks.


8. Judge Backs Halifax in Chip and PIN Clone Case
Spoiler
http://www.theregister.co.uk/2009/06/05/atm_phantom_withdrawal/
In a closely watched case involving the chip-and-pin authentication scheme employed by all modern credit cards, the court has ruled in favor of the Halifax Bank, who were taken to court by a customer who claimed his card was cloned and the details used to make fraudulent withdrawals. Halifax convinced the Judge that the physical card itself was used to authorize the withdrawals.

Halifax, the UK retail bank, has scored a victory in a closely-watched 'phantom withdrawal' case that put the security of Chip and PIN on trial.

Halifax customer Alain Job sued the bank after he was held liable for making eight disputed cash machine withdrawals from his account. Job was left £2,100 out of pocket from the series of withdrawals in February 2006 and launched a lawsuit after failing to obtain a refund from the bank, or through arbitration.

Cases over "phantom withdrawals", where money is withdrawn from bank ATMs without the card holder's permission and where card details have not been divulged to third parties, are commonplace, even in the UK.


9. Hacking Tool Lets A VM Break Out And Attack Its Host
Spoiler
http://www.darkreading.com/securityservices/security/app-security/showArticle.jhtml?articleID=217701908
Immunity Inc. have made available, in the latest release of their flagship product, Canvas, an exploit against a memory corruption bug found and patched in VMware Workstation in April that could allow an attacker to break out of the virtual machine and effect changes to the host operating system.

Researchers for some time have demonstrated the possibility of one of virtualization's worst nightmares -- a guest virtual machine (VM) infiltrating and hacking its host system. Now another commercial tool is offering an exploit that does exactly that.

The newest version of Immunity's Canvas commercial penetration testing tool, v6.47, includes the so-called Cloudburst attack module, which was developed by Immunity researcher Kostya Kortchinsky to exploit a VMWare vulnerability (CVE-2009-1244) in VMware Workstation that lets a user or attacker in a "guest" VM break into the actual host operating environment. VMware issued a patch for the bug in April.


10. Anti-sec Group Destroys ASTALAVISTA
Spoiler
http://marcoramilli.blogspot.com/2009/06/anti-sec-group-destroyed-astalavista.html
Infamous "security" site ASTALAVISTA has been brought down, permanently, by hacking group anti-sec.

Yes man, the historical security group ASTALAVISTA has been destroyed by anti-sec group. I really didn't know who anti-sec group was, but they're truly amazing. I started my personal security career in sites such as ASTALAVISTA where security lovers meet each other sharing information and experiences, but sincerely I don't miss the ASTALAVISTA community. According to anti-sec group:


    Why has Astalavista been targeted?

    Other than the fact that they are not doing any of this for the "community" but
    for the money, they spread exploits for kids, claim to be a security community
    (with no real sense of security on their own servers), and they charge you $6.66
    per months to access a dead forum with a directory filled with public releases
    and outdated / broken services.


11. NSFW - The Website Is Down (Thanks Joshua)
Spoiler
http://www.thewebsiteisdown.com/salesguy.html
Many of you have likely already seen this video (another of The Website Is Down's videos, their viral video #3, won a Webby earlier this year), but I hadn't until this week, and I couldn't stop myself from laughing. Enjoy.




Ehtyar.

49
Developer's Corner / ServerFault.com
« on: June 03, 2009, 01:42 AM »
For those of you who don't read CodingHorror (start NOW!), Joel Spolsky and Jeff Atwood have just released StackOverflow's sister site, ServerFault.com to the public. This site uses the same engine as StackOverflow, except it's geared toward sysadmins. Very awesome stuff. There is, of course, already a sysadmin jokes thread.


Ehtyar.

50
DC Gamer Club / Star Wars: The Old Republic
« on: June 02, 2009, 01:57 AM »
I won't be prejudicial about this game based on the "Lucas Arts" label (it's an MMO, Star Wars: Galaxies now but a distant memory/nightmare), and I have to say, this trailer looks to be made of epic. See for yourselves:
You can find the hi-def (as hi-def as I could find) trailer here but since flash does such a sh!t job rendering it, you can download the flv here.

Star Wars: The Old Republic will be an MMORPG, built by LucasArts and BioShock. It is expected to be released Q1 2010. The backstory will be provided in a series of webcomics which can be found here. There are 7 released at time of writing, and a new one will be posted bi-monthly up to the release.

Ehtyar.
